Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Xwl3DsNmN2.exe

Overview

General Information

Sample name:Xwl3DsNmN2.exe
renamed because original name is a hash value
Original sample name:f9ded81115c4c75971a6a683782d06ae.exe
Analysis ID:1520459
MD5:f9ded81115c4c75971a6a683782d06ae
SHA1:03ff74506788b9050e7374a665b00a69405f81dc
SHA256:b1ca829cc4b862f66977df476736c624666df294318fd781c41d1d256208cc63
Tags:exeuser-abuse_ch
Infos:

Detection

CobaltStrike, Metasploit, ReflectiveLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CobaltStrike
Yara detected Metasploit Payload
Yara detected Powershell download and execute
Yara detected ReflectiveLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Xwl3DsNmN2.exe (PID: 4984 cmdline: "C:\Users\user\Desktop\Xwl3DsNmN2.exe" MD5: F9DED81115C4C75971A6A683782D06AE)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Cobalt Strike, CobaltStrikeCobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"BeaconType": ["HTTPS"], "Port": 7700, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "89.197.154.115,/ptj", "HttpPostUri": "/submit.php", "Malleable_C2_Instructions": [], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}

Threatname: Metasploit

{"Type": "Shell Reverse Http", "URL": "http://89.197.154.115:7700/6CqFEOIEZ-_A_cH8pgiUAgokwto4FovQaLCp7IwjfjFOHLmm4PXOb0KwnKkTc0c4DgsIXI1BeciyULKIi1BQYK5r_ag_pWihXw1viMYb3a4ebq8yKbFx_6C"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Xwl3DsNmN2.exeJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
    Xwl3DsNmN2.exeJoeSecurity_MetasploitPayloadYara detected Metasploit PayloadJoe Security
      Xwl3DsNmN2.exeWindows_Trojan_Metasploit_24338919Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon).unknown
      • 0xa336:$a1: 68 6E 65 74 00 68 77 69 6E 69 54 68 4C 77 26 07

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
        00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmpWindows_Trojan_Metasploit_24338919Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon).unknown
        • 0x9336:$a1: 68 6E 65 74 00 68 77 69 6E 69 54 68 4C 77 26 07
        00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
          00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmpWindows_Trojan_Metasploit_24338919Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon).unknown
          • 0x9336:$a1: 68 6E 65 74 00 68 77 69 6E 69 54 68 4C 77 26 07
          00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Metasploit_7bc0f998Identifies the API address lookup function leverage by metasploit shellcodeunknown
          • 0x8f:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
          Click to see the 35 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.0.Xwl3DsNmN2.exe.400000.0.unpackJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
            0.0.Xwl3DsNmN2.exe.400000.0.unpackJoeSecurity_MetasploitPayloadYara detected Metasploit PayloadJoe Security
              0.0.Xwl3DsNmN2.exe.400000.0.unpackWindows_Trojan_Metasploit_24338919Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon).unknown
              • 0xa336:$a1: 68 6E 65 74 00 68 77 69 6E 69 54 68 4C 77 26 07
              0.2.Xwl3DsNmN2.exe.400000.0.unpackJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
                0.2.Xwl3DsNmN2.exe.400000.0.unpackJoeSecurity_MetasploitPayloadYara detected Metasploit PayloadJoe Security
                  Click to see the 27 entries

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-27T11:22:05.671039+020020287653Unknown Traffic192.168.2.54970489.197.154.1157700TCP
                  2024-09-27T11:22:08.590221+020020287653Unknown Traffic192.168.2.54970689.197.154.1157700TCP
                  2024-09-27T11:22:10.665565+020020287653Unknown Traffic192.168.2.54970789.197.154.1157700TCP
                  2024-09-27T11:22:12.066137+020020287653Unknown Traffic192.168.2.54970889.197.154.1157700TCP
                  2024-09-27T11:22:13.398731+020020287653Unknown Traffic192.168.2.54970989.197.154.1157700TCP
                  2024-09-27T11:22:14.544416+020020287653Unknown Traffic192.168.2.54971089.197.154.1157700TCP
                  2024-09-27T11:22:15.878321+020020287653Unknown Traffic192.168.2.54971189.197.154.1157700TCP
                  2024-09-27T11:22:17.025428+020020287653Unknown Traffic192.168.2.54971289.197.154.1157700TCP
                  2024-09-27T11:22:18.170028+020020287653Unknown Traffic192.168.2.54971389.197.154.1157700TCP
                  2024-09-27T11:22:19.313183+020020287653Unknown Traffic192.168.2.54971489.197.154.1157700TCP
                  2024-09-27T11:22:20.464374+020020287653Unknown Traffic192.168.2.54971589.197.154.1157700TCP
                  2024-09-27T11:22:21.614519+020020287653Unknown Traffic192.168.2.54971689.197.154.1157700TCP
                  2024-09-27T11:22:22.763590+020020287653Unknown Traffic192.168.2.54972089.197.154.1157700TCP
                  2024-09-27T11:22:23.992628+020020287653Unknown Traffic192.168.2.54972489.197.154.1157700TCP
                  2024-09-27T11:22:25.138821+020020287653Unknown Traffic192.168.2.54972689.197.154.1157700TCP
                  2024-09-27T11:22:27.228356+020020287653Unknown Traffic192.168.2.54972789.197.154.1157700TCP
                  2024-09-27T11:22:28.347702+020020287653Unknown Traffic192.168.2.54972889.197.154.1157700TCP
                  2024-09-27T11:22:29.593015+020020287653Unknown Traffic192.168.2.54972989.197.154.1157700TCP
                  2024-09-27T11:22:30.749595+020020287653Unknown Traffic192.168.2.54973089.197.154.1157700TCP
                  2024-09-27T11:22:31.880001+020020287653Unknown Traffic192.168.2.54973189.197.154.1157700TCP
                  2024-09-27T11:22:33.079659+020020287653Unknown Traffic192.168.2.54973289.197.154.1157700TCP
                  2024-09-27T11:22:34.371843+020020287653Unknown Traffic192.168.2.54973389.197.154.1157700TCP
                  2024-09-27T11:22:35.395789+020020287653Unknown Traffic192.168.2.54973489.197.154.1157700TCP
                  2024-09-27T11:22:36.520525+020020287653Unknown Traffic192.168.2.54973589.197.154.1157700TCP
                  2024-09-27T11:22:37.676684+020020287653Unknown Traffic192.168.2.54973689.197.154.1157700TCP
                  2024-09-27T11:22:39.390127+020020287653Unknown Traffic192.168.2.54973789.197.154.1157700TCP
                  2024-09-27T11:22:40.575720+020020287653Unknown Traffic192.168.2.54973889.197.154.1157700TCP
                  2024-09-27T11:22:41.709289+020020287653Unknown Traffic192.168.2.54973989.197.154.1157700TCP
                  2024-09-27T11:22:42.872687+020020287653Unknown Traffic192.168.2.54974089.197.154.1157700TCP
                  2024-09-27T11:22:44.028888+020020287653Unknown Traffic192.168.2.54974189.197.154.1157700TCP
                  2024-09-27T11:22:45.167708+020020287653Unknown Traffic192.168.2.54974289.197.154.1157700TCP
                  2024-09-27T11:22:46.338682+020020287653Unknown Traffic192.168.2.54974389.197.154.1157700TCP
                  2024-09-27T11:22:47.474762+020020287653Unknown Traffic192.168.2.54974489.197.154.1157700TCP
                  2024-09-27T11:22:49.181174+020020287653Unknown Traffic192.168.2.54974589.197.154.1157700TCP
                  2024-09-27T11:22:50.214234+020020287653Unknown Traffic192.168.2.54974689.197.154.1157700TCP
                  2024-09-27T11:22:51.495245+020020287653Unknown Traffic192.168.2.54974789.197.154.1157700TCP
                  2024-09-27T11:22:52.627819+020020287653Unknown Traffic192.168.2.54974889.197.154.1157700TCP
                  2024-09-27T11:22:53.772352+020020287653Unknown Traffic192.168.2.54974989.197.154.1157700TCP
                  2024-09-27T11:22:55.055945+020020287653Unknown Traffic192.168.2.54975089.197.154.1157700TCP
                  2024-09-27T11:22:56.190709+020020287653Unknown Traffic192.168.2.54975189.197.154.1157700TCP
                  2024-09-27T11:22:57.398856+020020287653Unknown Traffic192.168.2.54975289.197.154.1157700TCP
                  2024-09-27T11:22:58.547735+020020287653Unknown Traffic192.168.2.54975389.197.154.1157700TCP
                  2024-09-27T11:22:59.699622+020020287653Unknown Traffic192.168.2.54975489.197.154.1157700TCP
                  2024-09-27T11:23:00.840427+020020287653Unknown Traffic192.168.2.54975689.197.154.1157700TCP
                  2024-09-27T11:23:02.094782+020020287653Unknown Traffic192.168.2.54975789.197.154.1157700TCP
                  2024-09-27T11:23:03.222887+020020287653Unknown Traffic192.168.2.54975889.197.154.1157700TCP
                  2024-09-27T11:23:04.406426+020020287653Unknown Traffic192.168.2.54975989.197.154.1157700TCP
                  2024-09-27T11:23:05.540974+020020287653Unknown Traffic192.168.2.54976089.197.154.1157700TCP
                  2024-09-27T11:23:06.707783+020020287653Unknown Traffic192.168.2.54976189.197.154.1157700TCP
                  2024-09-27T11:23:07.859728+020020287653Unknown Traffic192.168.2.54976289.197.154.1157700TCP
                  2024-09-27T11:23:09.022723+020020287653Unknown Traffic192.168.2.54976389.197.154.1157700TCP
                  2024-09-27T11:23:10.163407+020020287653Unknown Traffic192.168.2.54976489.197.154.1157700TCP
                  2024-09-27T11:23:11.306297+020020287653Unknown Traffic192.168.2.54976589.197.154.1157700TCP
                  2024-09-27T11:23:12.593916+020020287653Unknown Traffic192.168.2.54976689.197.154.1157700TCP
                  2024-09-27T11:23:13.749790+020020287653Unknown Traffic192.168.2.54976789.197.154.1157700TCP
                  2024-09-27T11:23:14.905825+020020287653Unknown Traffic192.168.2.54976889.197.154.1157700TCP
                  2024-09-27T11:23:16.036943+020020287653Unknown Traffic192.168.2.54976989.197.154.1157700TCP
                  2024-09-27T11:23:17.159864+020020287653Unknown Traffic192.168.2.54977089.197.154.1157700TCP
                  2024-09-27T11:23:18.291952+020020287653Unknown Traffic192.168.2.54977189.197.154.1157700TCP
                  2024-09-27T11:23:19.444191+020020287653Unknown Traffic192.168.2.54977289.197.154.1157700TCP
                  2024-09-27T11:23:20.779670+020020287653Unknown Traffic192.168.2.54977389.197.154.1157700TCP
                  2024-09-27T11:23:21.867370+020020287653Unknown Traffic192.168.2.54977489.197.154.1157700TCP
                  2024-09-27T11:23:23.001436+020020287653Unknown Traffic192.168.2.54977589.197.154.1157700TCP
                  2024-09-27T11:23:24.210972+020020287653Unknown Traffic192.168.2.54977689.197.154.1157700TCP
                  2024-09-27T11:23:26.347532+020020287653Unknown Traffic192.168.2.54977789.197.154.1157700TCP
                  2024-09-27T11:23:27.348860+020020287653Unknown Traffic192.168.2.54977889.197.154.1157700TCP
                  2024-09-27T11:23:28.736438+020020287653Unknown Traffic192.168.2.54977989.197.154.1157700TCP
                  2024-09-27T11:23:29.872216+020020287653Unknown Traffic192.168.2.54978089.197.154.1157700TCP
                  2024-09-27T11:23:31.186316+020020287653Unknown Traffic192.168.2.54978189.197.154.1157700TCP
                  2024-09-27T11:23:32.338236+020020287653Unknown Traffic192.168.2.54978289.197.154.1157700TCP
                  2024-09-27T11:23:33.472863+020020287653Unknown Traffic192.168.2.54978389.197.154.1157700TCP
                  2024-09-27T11:23:35.442709+020020287653Unknown Traffic192.168.2.54978489.197.154.1157700TCP
                  2024-09-27T11:23:36.570875+020020287653Unknown Traffic192.168.2.54978589.197.154.1157700TCP
                  2024-09-27T11:23:37.898402+020020287653Unknown Traffic192.168.2.54978689.197.154.1157700TCP
                  2024-09-27T11:23:39.035897+020020287653Unknown Traffic192.168.2.54978789.197.154.1157700TCP
                  2024-09-27T11:23:40.188364+020020287653Unknown Traffic192.168.2.54978889.197.154.1157700TCP
                  2024-09-27T11:23:42.270266+020020287653Unknown Traffic192.168.2.54978989.197.154.1157700TCP
                  2024-09-27T11:23:43.394515+020020287653Unknown Traffic192.168.2.54979089.197.154.1157700TCP
                  2024-09-27T11:23:44.515002+020020287653Unknown Traffic192.168.2.54979189.197.154.1157700TCP
                  2024-09-27T11:23:45.673987+020020287653Unknown Traffic192.168.2.54979289.197.154.1157700TCP
                  2024-09-27T11:23:46.820368+020020287653Unknown Traffic192.168.2.54979389.197.154.1157700TCP
                  2024-09-27T11:23:47.950903+020020287653Unknown Traffic192.168.2.54979489.197.154.1157700TCP
                  2024-09-27T11:23:49.100970+020020287653Unknown Traffic192.168.2.54979589.197.154.1157700TCP
                  2024-09-27T11:23:50.265045+020020287653Unknown Traffic192.168.2.54979689.197.154.1157700TCP
                  2024-09-27T11:23:51.413608+020020287653Unknown Traffic192.168.2.54979789.197.154.1157700TCP
                  2024-09-27T11:23:52.556701+020020287653Unknown Traffic192.168.2.54979889.197.154.1157700TCP
                  2024-09-27T11:23:53.691817+020020287653Unknown Traffic192.168.2.54979989.197.154.1157700TCP
                  2024-09-27T11:23:54.816643+020020287653Unknown Traffic192.168.2.54980089.197.154.1157700TCP
                  2024-09-27T11:23:55.959557+020020287653Unknown Traffic192.168.2.54980189.197.154.1157700TCP
                  2024-09-27T11:23:57.116044+020020287653Unknown Traffic192.168.2.54980289.197.154.1157700TCP
                  2024-09-27T11:23:58.248029+020020287653Unknown Traffic192.168.2.54980389.197.154.1157700TCP
                  2024-09-27T11:23:59.377491+020020287653Unknown Traffic192.168.2.54980489.197.154.1157700TCP
                  2024-09-27T11:24:00.524474+020020287653Unknown Traffic192.168.2.54980589.197.154.1157700TCP
                  2024-09-27T11:24:01.670807+020020287653Unknown Traffic192.168.2.54980689.197.154.1157700TCP
                  2024-09-27T11:24:03.883018+020020287653Unknown Traffic192.168.2.54980789.197.154.1157700TCP
                  2024-09-27T11:24:05.032852+020020287653Unknown Traffic192.168.2.54980889.197.154.1157700TCP
                  2024-09-27T11:24:06.165769+020020287653Unknown Traffic192.168.2.54980989.197.154.1157700TCP
                  2024-09-27T11:24:07.289161+020020287653Unknown Traffic192.168.2.54981089.197.154.1157700TCP
                  2024-09-27T11:24:08.425246+020020287653Unknown Traffic192.168.2.54981189.197.154.1157700TCP
                  2024-09-27T11:24:09.569184+020020287653Unknown Traffic192.168.2.54981289.197.154.1157700TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-27T11:22:07.116408+020020356511A Network Trojan was detected89.197.154.1157700192.168.2.549704TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: Xwl3DsNmN2.exeAvira: detected
                  Found malware configuration
                  Source: Xwl3DsNmN2.exeMalware Configuration Extractor: Metasploit {"Type": "Shell Reverse Http", "URL": "http://89.197.154.115:7700/6CqFEOIEZ-_A_cH8pgiUAgokwto4FovQaLCp7IwjfjFOHLmm4PXOb0KwnKkTc0c4DgsIXI1BeciyULKIi1BQYK5r_ag_pWihXw1viMYb3a4ebq8yKbFx_6C"}
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 7700, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "89.197.154.115,/ptj", "HttpPostUri": "/submit.php", "Malleable_C2_Instructions": [], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
                  Multi AV Scanner detection for submitted file
                  Source: Xwl3DsNmN2.exeReversingLabs: Detection: 81%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                  Machine Learning detection for sample
                  Source: Xwl3DsNmN2.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7EF82 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,0_2_02F7EF82
                  Source: Xwl3DsNmN2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: Binary string: C:\local0\asf\release\build-2.2.14\support\Release\ab.pdb source: Xwl3DsNmN2.exe
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F75225 _malloc,_memset,_strncmp,GetCurrentDirectoryA,FindFirstFileA,GetLastError,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,0_2_02F75225
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7A70E _malloc,__snprintf,FindFirstFileA,_malloc,__snprintf,FindNextFileA,FindClose,0_2_02F7A70E
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 4x nop then cmp byte ptr [eax], ah0_2_00406D7C

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2035651 - Severity 1 - ET MALWARE Meterpreter or Other Reverse Shell SSL Cert : 89.197.154.115:7700 -> 192.168.2.5:49704
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: 89.197.154.115
                  Source: Malware configuration extractorURLs: http://89.197.154.115:7700/6CqFEOIEZ-_A_cH8pgiUAgokwto4FovQaLCp7IwjfjFOHLmm4PXOb0KwnKkTc0c4DgsIXI1BeciyULKIi1BQYK5r_ag_pWihXw1viMYb3a4ebq8yKbFx_6C
                  Source: global trafficTCP traffic: 192.168.2.5:49704 -> 89.197.154.115:7700
                  Source: Joe Sandbox ViewIP Address: 89.197.154.115 89.197.154.115
                  Source: Joe Sandbox ViewASN Name: VIRTUAL1GB VIRTUAL1GB
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49704 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49706 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49707 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49711 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49712 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49710 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49713 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49708 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49709 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49714 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49715 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49720 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49727 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49730 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49726 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49733 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49734 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49728 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49736 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49716 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49738 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49729 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49741 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49740 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49724 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49745 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49742 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49752 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49754 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49751 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49746 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49758 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49765 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49769 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49774 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49761 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49776 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49778 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49756 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49777 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49732 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49771 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49781 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49783 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49757 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49787 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49760 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49735 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49786 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49792 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49770 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49779 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49763 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49775 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49797 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49768 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49731 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49790 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49743 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49791 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49807 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49798 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49764 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49737 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49767 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49810 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49766 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49748 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49747 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49773 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49739 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49796 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49750 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49762 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49788 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49793 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49744 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49782 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49780 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49808 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49812 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49801 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49759 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49749 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49784 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49805 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49802 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49800 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49811 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49789 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49794 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49806 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49803 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49753 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49804 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49799 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49809 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49772 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49795 -> 89.197.154.115:7700
                  Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49785 -> 89.197.154.115:7700
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: unknownTCP traffic detected without corresponding DNS query: 89.197.154.115
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F78E51 GetTickCount,_malloc,htonl,recvfrom,WSAGetLastError,htonl,ioctlsocket,0_2_02F78E51
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%u/
                  Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                  Source: Xwl3DsNmN2.exe, 00000000.00000003.2108588037.000000000052A000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000003.2097560571.0000000002EB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?72289480ac637
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000003.2108588037.000000000052A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabT
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000003.2108588037.000000000052A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enS
                  Source: Xwl3DsNmN2.exeString found in binary or memory: http://www.apache.org/
                  Source: Xwl3DsNmN2.exeString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: Xwl3DsNmN2.exeString found in binary or memory: http://www.zeustech.net/
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.00000000004E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115/
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/6CqFEOIEZ-_A_cH8pgiUAgokwto4FovQaLCp7IwjfjFOHLmm4PXOb0KwnKkTc0c4DgsIXI1B
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/My
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/hy
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/oft
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptj
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptj-
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptj0
                  Source: Xwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptj476756634-1003
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptj7
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptj9
                  Source: Xwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjJ
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjP
                  Source: Xwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjW
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjft
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjh
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjm32
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjnnlsres.dll.muil
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjq
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/ptjs
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://89.197.154.115:7700/tjc

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: Xwl3DsNmN2.exe, type: SAMPLEMatched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
                  Source: 0.0.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
                  Source: 0.2.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike payload Author: ditekSHen
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike payload Author: ditekSHen
                  Source: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
                  Source: 00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
                  Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
                  Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
                  Source: 00000000.00000002.3326164826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike payload Author: ditekSHen
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 Author: unknown
                  Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTRMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                  Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTRMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
                  Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTRMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_004096C0: DeviceIoControl,0_2_004096C0
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F74A7E CreateProcessAsUserA,GetLastError,GetLastError,GetLastError,CreateProcessA,GetLastError,0_2_02F74A7E
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F97BC00_2_02F97BC0
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F973200_2_02F97320
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F958FD0_2_02F958FD
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F950D10_2_02F950D1
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F948280_2_02F94828
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F859E90_2_02F859E9
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F981900_2_02F98190
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F979450_2_02F97945
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F94CFD0_2_02F94CFD
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F954DD0_2_02F954DD
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F8ADDB0_2_02F8ADDB
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032EA2220_2_032EA222
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032F49240_2_032F4924
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032F41440_2_032F4144
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032F70070_2_032F7007
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032E28760_2_032E2876
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032E4E300_2_032E4E30
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032F45180_2_032F4518
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032F4D440_2_032F4D44
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032F75D70_2_032F75D7
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032F3C6F0_2_032F3C6F
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: String function: 032EA7EB appears 39 times
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: String function: 02F8B3A4 appears 39 times
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325665529.0000000000415000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameab.exeF vs Xwl3DsNmN2.exe
                  Source: Xwl3DsNmN2.exeBinary or memory string: OriginalFilenameab.exeF vs Xwl3DsNmN2.exe
                  Source: Xwl3DsNmN2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: Xwl3DsNmN2.exe, type: SAMPLEMatched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
                  Source: 0.0.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
                  Source: 0.2.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
                  Source: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
                  Source: 00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
                  Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
                  Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
                  Source: 00000000.00000002.3326164826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
                  Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                  Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTRMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
                  Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTRMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: Xwl3DsNmN2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engineClassification label: mal100.troj.evad.winEXE@1/2@0/1
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F741CB LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,0_2_02F741CB
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F766BF CreateThread,GetModuleHandleA,GetProcAddress,CreateToolhelp32Snapshot,Thread32First,Thread32Next,Sleep,0_2_02F766BF
                  Source: Xwl3DsNmN2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: Xwl3DsNmN2.exeReversingLabs: Detection: 81%
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: wsock32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                  Source: Xwl3DsNmN2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: C:\local0\asf\release\build-2.2.14\support\Release\ab.pdb source: Xwl3DsNmN2.exe

                  Data Obfuscation

                  barindex
                  Yara detected ReflectiveLoader
                  Source: Yara matchFile source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F99B57 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,FreeLibrary,0_2_02F99B57
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_00406C2F push cs; retf 0_2_00406C63
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_00405AC2 push esi; ret 0_2_00405AC5
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_00405CFA push esi; retf 0_2_00405CFB
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_00403B44 push esp; retf 0000h0_2_00403B46
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_00401B25 push ds; retf 0_2_00401B28
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_004035EF push ss; retf 0_2_004035F0
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F8B3E9 push ecx; ret 0_2_02F8B3FC
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F9CBE1 push FFFFFFCBh; retf 0_2_02F9CBE5
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F885D0 push eax; ret 0_2_02F885D7
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032E7A17 push eax; ret 0_2_032E7A1E
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032FB153 push 0000006Ah; retf 0_2_032FB22B
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032FB1BC push 0000006Ah; retf 0_2_032FB22B
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032FB1BA push 0000006Ah; retf 0_2_032FB22B
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032EA830 push ecx; ret 0_2_032EA843
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032E6F03 push edi; ret 0_2_032E6F04
                  Source: Xwl3DsNmN2.exeStatic PE information: section name: .text entropy: 7.0231895913209765
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Contains functionality to detect sleep reduction / modifications
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F736850_2_02F73685
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F77E570_2_02F77E57
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-41677
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-41116
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-41454
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeAPI coverage: 6.4 %
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F77E570_2_02F77E57
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe TID: 320Thread sleep count: 97 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe TID: 320Thread sleep time: -5820000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F75225 _malloc,_memset,_strncmp,GetCurrentDirectoryA,FindFirstFileA,GetLastError,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,0_2_02F75225
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7A70E _malloc,__snprintf,FindFirstFileA,_malloc,__snprintf,FindNextFileA,FindClose,0_2_02F7A70E
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeThread delayed: delay time: 60000Jump to behavior
                  Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.00000000004E4000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000505000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeAPI call chain: ExitProcess graph end nodegraph_0-41311
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F99375 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,IsDebuggerPresent,_RTC_GetSrcLine,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,DebugBreak,0_2_02F99375
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F99B57 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,FreeLibrary,0_2_02F99B57
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7ABA0 mov eax, dword ptr fs:[00000030h]0_2_02F7ABA0
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7B870 mov eax, dword ptr fs:[00000030h]0_2_02F7B870
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032D9FE7 mov eax, dword ptr fs:[00000030h]0_2_032D9FE7
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_032DACB7 mov eax, dword ptr fs:[00000030h]0_2_032DACB7
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F96320 CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_02F96320
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F90331 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_02F90331
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F92950 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_02F92950
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F8C4B2 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_02F8C4B2

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Yara detected Powershell download and execute
                  Source: Yara matchFile source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7E272 LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError,0_2_02F7E272
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7E442 GetCurrentProcessId,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_02F7E442
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: GetLocaleInfoA,0_2_02F95EF0
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7427B CreateNamedPipeA,0_2_02F7427B
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7386E GetLocalTime,0_2_02F7386E
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F77F09 GetUserNameA,GetComputerNameA,GetModuleFileNameA,_strrchr,GetVersionExA,__snprintf,0_2_02F77F09
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_00406D07 GetTimeZoneInformation,0_2_00406D07
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F77F09 GetUserNameA,GetComputerNameA,GetModuleFileNameA,_strrchr,GetVersionExA,__snprintf,0_2_02F77F09
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Remote Access Functionality

                  barindex
                  Yara detected CobaltStrike
                  Source: Yara matchFile source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR
                  Source: Yara matchFile source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Metasploit Payload
                  Source: Yara matchFile source: Xwl3DsNmN2.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.3326164826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F78699 htonl,htons,socket,closesocket,bind,ioctlsocket,0_2_02F78699
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F785B7 socket,htons,ioctlsocket,closesocket,bind,listen,0_2_02F785B7
                  Source: C:\Users\user\Desktop\Xwl3DsNmN2.exeCode function: 0_2_02F7EDB3 socket,closesocket,htons,bind,listen,0_2_02F7EDB3

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire Infrastructure2
                  Valid Accounts                  		2
                  Native API                  		2
                  Valid Accounts                  		2
                  Valid Accounts                  		2
                  Valid Accounts                  		OS Credential Dumping2
                  System Time Discovery                  		Remote Services1
                  Archive Collected Data                  		2
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/Job1
                  DLL Side-Loading                  		21
                  Access Token Manipulation                  		11
                  Virtualization/Sandbox Evasion                  		LSASS Memory1
                  Query Registry                  		Remote Desktop ProtocolData from Removable Media1
                  Non-Standard Port                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                  Process Injection                  		21
                  Access Token Manipulation                  		Security Account Manager131
                  Security Software Discovery                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Ingress Tool Transfer                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                  DLL Side-Loading                  		1
                  Process Injection                  		NTDS11
                  Virtualization/Sandbox Evasion                  		Distributed Component Object ModelInput Capture1
                  Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Deobfuscate/Decode Files or Information                  		LSA Secrets1
                  Process Discovery                  		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
                  Obfuscated Files or Information                  		Cached Domain Credentials1
                  Account Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                  Software Packing                  		DCSync1
                  System Owner/User Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  DLL Side-Loading                  		Proc Filesystem1
                  File and Directory Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow14
                  System Information Discovery                  		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  Xwl3DsNmN2.exe82%ReversingLabsWin32.Backdoor.Swrort
                  Xwl3DsNmN2.exe100%AviraTR/Patched.Gen2
                  Xwl3DsNmN2.exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  No Antivirus matches

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  bg.microsoft.map.fastly.net
                  		199.232.210.172
                  		truefalse
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://89.197.154.115:7700/6CqFEOIEZ-_A_cH8pgiUAgokwto4FovQaLCp7IwjfjFOHLmm4PXOb0KwnKkTc0c4DgsIXI1BeciyULKIi1BQYK5r_ag_pWihXw1viMYb3a4ebq8yKbFx_6Ctrue
                      		unknown
                      89.197.154.115true
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://89.197.154.115/Xwl3DsNmN2.exe, 00000000.00000002.3325770193.00000000004E4000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://89.197.154.115:7700/ptjWXwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            http://www.apache.org/licenses/LICENSE-2.0Xwl3DsNmN2.exefalse
                              		unknown
                              https://89.197.154.115:7700/ptjnnlsres.dll.muilXwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://89.197.154.115:7700/ptjhXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://89.197.154.115:7700/hyXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://89.197.154.115:7700/ptj-Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://89.197.154.115:7700/ptj0Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://89.197.154.115:7700/Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://89.197.154.115:7700/ptjqXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://89.197.154.115:7700/ptjsXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://www.apache.org/Xwl3DsNmN2.exefalse
                                                		unknown
                                                https://89.197.154.115:7700/oftXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://89.197.154.115:7700/ptj7Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://89.197.154.115:7700/ptjftXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://89.197.154.115:7700/ptj9Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://89.197.154.115:7700/ptjXwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://89.197.154.115:7700/ptjm32Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://89.197.154.115:7700/MyXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://89.197.154.115:7700/tjcXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://www.zeustech.net/Xwl3DsNmN2.exefalse
                                                                  		unknown
                                                                  https://89.197.154.115:7700/ptjJXwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://89.197.154.115:7700/6CqFEOIEZ-_A_cH8pgiUAgokwto4FovQaLCp7IwjfjFOHLmm4PXOb0KwnKkTc0c4DgsIXI1BXwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000505000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://89.197.154.115:7700/ptjPXwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://127.0.0.1:%u/Xwl3DsNmN2.exe, 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://89.197.154.115:7700/ptj476756634-1003Xwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown

                                                                            World Map of Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public IPs

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            89.197.154.115
                                                                            		unknownUnited Kingdom
                                                                            		47474VIRTUAL1GBtrue

                                                                            General Information

                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                            Analysis ID:1520459
                                                                            Start date and time:2024-09-27 11:21:10 +02:00
                                                                            Joe Sandbox product:CloudBasic
                                                                            Overall analysis duration:0h 4m 28s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Number of analysed new started processes analysed:4
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample name:Xwl3DsNmN2.exe
                                                                            renamed because original name is a hash value
                                                                            Original Sample Name:f9ded81115c4c75971a6a683782d06ae.exe
                                                                            Detection:MAL
                                                                            Classification:mal100.troj.evad.winEXE@1/2@0/1
                                                                            EGA Information:
                                                                            • Successful, ratio: 100%
                                                                            HCA Information:
                                                                            • Successful, ratio: 93%
                                                                            • Number of executed functions: 17
                                                                            • Number of non-executed functions: 138
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe

                                                                            Warnings

                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                            • Excluded IPs from analysis (whitelisted): 199.232.210.172
                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • VT rate limit hit for: Xwl3DsNmN2.exe

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            TimeTypeDescription
                                                                            05:22:08API Interceptor98x Sleep call for process: Xwl3DsNmN2.exe modified

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            89.197.154.115XkObGXcie5.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                                            • 89.197.154.115:7700/XTFk

                                                                            Domains

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            bg.microsoft.map.fastly.netU6b3tLFqN5.exeGet hashmaliciousLummaCBrowse
                                                                            • 199.232.210.172
                                                                            https://strato.de-sys.online/HJd9cn-2tRRO-rDZDs-D6p99-HbdYU-wK4oY-FICwzl/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                            • 199.232.214.172
                                                                            Dev_Project.xlsGet hashmaliciousUnknownBrowse
                                                                            • 199.232.210.172
                                                                            https://ojbkjs.vip/yb.jsGet hashmaliciousUnknownBrowse
                                                                            • 199.232.210.172
                                                                            https://jbrizuelablplegal.taplink.ws/Get hashmaliciousHTMLPhisherBrowse
                                                                            • 199.232.214.172
                                                                            http://home-103607.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                            • 199.232.214.172
                                                                            SecuriteInfo.com.Trojan.MulDrop28.21322.11416.10977.exeGet hashmaliciousGhostRat, NitolBrowse
                                                                            • 199.232.210.172
                                                                            http://breach-ads-notification.netlify.app/sample-appeal-id856193/Get hashmaliciousUnknownBrowse
                                                                            • 199.232.210.172
                                                                            http://www.dh91l.icu/Get hashmaliciousUnknownBrowse
                                                                            • 199.232.210.172
                                                                            http://brawllstars.ru/Get hashmaliciousHTMLPhisherBrowse
                                                                            • 199.232.214.172

                                                                            ASNs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            VIRTUAL1GBWindows11.exeGet hashmaliciousMetasploitBrowse
                                                                            • 193.117.208.101
                                                                            Trial.batGet hashmaliciousEmpireBrowse
                                                                            • 193.117.208.101
                                                                            Ti1p9tvbSW.exeGet hashmaliciousMetasploitBrowse
                                                                            • 89.197.154.116
                                                                            NUBuymtQ4b.exeGet hashmaliciousMetasploitBrowse
                                                                            • 89.197.154.116
                                                                            ealpZ0zoQi.exeGet hashmaliciousMetasploitBrowse
                                                                            • 89.197.154.116
                                                                            pA826G7Zi6.exeGet hashmaliciousMetasploitBrowse
                                                                            • 89.197.154.116
                                                                            SecuriteInfo.com.Linux.Siggen.9999.18891.22819.elfGet hashmaliciousUnknownBrowse
                                                                            • 89.197.225.199
                                                                            hwveg8aUBB.batGet hashmaliciousMetasploitBrowse
                                                                            • 89.197.154.116
                                                                            kurCc0UDBg.exeGet hashmaliciousMetasploitBrowse
                                                                            • 89.197.154.116
                                                                            kjwGCVKqS3.exeGet hashmaliciousMetasploitBrowse
                                                                            • 89.197.154.116

                                                                            JA3 Fingerprints

                                                                            No context

                                                                            Dropped Files

                                                                            No context

                                                                            Created / dropped Files

                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\Xwl3DsNmN2.exe
                                                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                            Category:dropped
                                                                            Size (bytes):71954
                                                                            Entropy (8bit):7.996617769952133
                                                                            Encrypted:true
                                                                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                            Malicious:false
                                                                            Reputation:high, very likely benign file
                                                                            Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\Xwl3DsNmN2.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):328
                                                                            Entropy (8bit):3.238004231589766
                                                                            Encrypted:false
                                                                            SSDEEP:6:kKtLL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:MDImsLNkPlE99SNxAhUe/3
                                                                            MD5:A482B3155B6DCE4DB59FF3AA3E2B1D1C
                                                                            SHA1:F6887F7870A0EDFA61CFF4519C5D5BE484CC9478
                                                                            SHA-256:68C9AA81A0B5031D2D4B3F86D14F2FB541FE42F077C72F51E84042506ADD021E
                                                                            SHA-512:885B509B22ACEB4F587A9F000DA50B8BD20EB5ADF5517449BC5E3841FE40030F14CAD8EE4623C2BDEFEE752C2D1A781F35EE9105E8554DD137A8D63CE4A4E4E7
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:p...... .........b^.....(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):6.319983728701006
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:Xwl3DsNmN2.exe
                                                                            File size:73'802 bytes
                                                                            MD5:f9ded81115c4c75971a6a683782d06ae
                                                                            SHA1:03ff74506788b9050e7374a665b00a69405f81dc
                                                                            SHA256:b1ca829cc4b862f66977df476736c624666df294318fd781c41d1d256208cc63
                                                                            SHA512:074be6f93d61e7bccb1b1eb508dd24bd9f3295e81cff25d82cd126fa98c16e58ae4e01a718e55b04f04610e39033424c3ed087b51bd8665d41a9c9d37298e5d9
                                                                            SSDEEP:1536:Iq9gzrB1Aqsgpamstl1f5nt2Gfe9MO50a+RMb+KR0Nc8QsJq39:19KALgEtlt5g3+5e0Nc8QsC9
                                                                            TLSH:AD73CF42DDC84462C596123D277936799974F9FB3216C29B798CCEF4DBC18B0A2263C7
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8...Y...Y...Y...E...Y..TE...Y...F...Y...F...Y...Y...Y..TQ...Y...z...Y..._...Y..Rich.Y..................PE..L...i..J...........

                                                                            File Icon

                                                                            Icon Hash:00928e8e8686b000

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x406f4a
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                            DLL Characteristics:
                                                                            Time Stamp:0x4A84B569 [Fri Aug 14 00:52:57 2009 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:481f47bbb2c9c21e108d65f52b04c448

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            lahf
                                                                            inc ebx
                                                                            cwde
                                                                            inc eax
                                                                            cwde
                                                                            daa
                                                                            std
                                                                            lahf
                                                                            das
                                                                            lahf
                                                                            cwde
                                                                            daa
                                                                            salc
                                                                            clc
                                                                            wait
                                                                            inc eax
                                                                            daa
                                                                            dec ecx
                                                                            inc eax
                                                                            clc
                                                                            inc eax
                                                                            inc edx
                                                                            nop
                                                                            xchg eax, edx
                                                                            xchg eax, ecx
                                                                            dec edx
                                                                            cdq
                                                                            stc
                                                                            clc
                                                                            xchg eax, ecx
                                                                            xchg eax, ecx
                                                                            cld
                                                                            daa
                                                                            clc
                                                                            cdq
                                                                            aas
                                                                            dec eax
                                                                            cmc
                                                                            dec ebx
                                                                            inc edx
                                                                            stc
                                                                            das
                                                                            cmc
                                                                            stc
                                                                            inc ecx
                                                                            salc
                                                                            aaa
                                                                            inc eax
                                                                            aas
                                                                            dec ebx
                                                                            clc
                                                                            wait
                                                                            cld
                                                                            wait
                                                                            lahf
                                                                            stc
                                                                            lahf
                                                                            nop
                                                                            stc
                                                                            clc
                                                                            dec edx
                                                                            inc edx
                                                                            aas
                                                                            lahf
                                                                            aas
                                                                            jmp 00007FD665627A44h
                                                                            je 00007FD665624C62h
                                                                            rol byte ptr [ebx+5E5F18C4h], 0000005Dh
                                                                            retn 0018h
                                                                            nop
                                                                            fist word ptr [eax-1374AA70h]
                                                                            mov ah, ECh
                                                                            and al, 53h
                                                                            push esi
                                                                            mov ebp, ecx
                                                                            or al, 33h
                                                                            fcmovne st(0), st(5)
                                                                            push edi
                                                                            mov dword ptr [ebp-0Ch], esi
                                                                            sub al, 1Bh
                                                                            mov esi, 2D40DC40h
                                                                            mov al, byte ptr [esi]
                                                                            cmp al, 30h
                                                                            jl 00007FD60C63481Fh
                                                                            cmp al, 39h

                                                                            Rich Headers

                                                                            Programming Language:
                                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xc76c0x78.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x150000x7c8.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0xc1e00x1c.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0xc0000x1e0.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            .text0x10000xa9660xb000d1f7488cfca0d988575d39ded264723aFalse0.817626953125data7.0231895913209765IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .rdata0xc0000xfe60x100025d7ceee3aa85bb3e8c5174736f6f830False0.46142578125DOS executable (COM, 0x8C-variant)5.318390353744998IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .data0xd0000x705c0x4000283b5f792323d57b9db4d2bcc46580f8False0.25634765625Matlab v4 mat-file (little endian) d, numeric, rows 0, columns 04.407841023203495IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rsrc0x150000x7c80x1000c13a9413aea7291b6fc85d75bfcde381False0.197998046875data1.958296025171192IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                            Resources

                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                            RT_VERSION0x150600x768dataEnglishUnited States0.40189873417721517

                                                                            Imports

                                                                            DLLImport
                                                                            MSVCRT.dll_iob, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p___initenv, _XcptFilter, _exit, _onexit, __dllonexit, strrchr, wcsncmp, _close, wcslen, wcscpy, strerror, modf, strspn, realloc, __p__environ, __p__wenviron, _errno, free, strncmp, strstr, strncpy, _ftol, qsort, fopen, perror, fclose, fflush, calloc, malloc, signal, printf, _isctype, atoi, exit, __mb_cur_max, _pctype, strchr, fprintf, _controlfp, _strdup, _strnicmp
                                                                            KERNEL32.dllPeekNamedPipe, ReadFile, WriteFile, LoadLibraryA, GetProcAddress, GetVersionExA, GetExitCodeProcess, TerminateProcess, LeaveCriticalSection, SetEvent, ReleaseMutex, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, CreateMutexA, GetFileType, SetLastError, FreeEnvironmentStringsW, GetEnvironmentStringsW, GlobalFree, GetCommandLineW, TlsAlloc, TlsFree, DuplicateHandle, GetCurrentProcess, SetHandleInformation, CloseHandle, GetSystemTimeAsFileTime, FileTimeToSystemTime, GetTimeZoneInformation, FileTimeToLocalFileTime, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, Sleep, FormatMessageA, GetLastError, WaitForSingleObject, CreateEventA, SetStdHandle, SetFilePointer, CreateFileA, CreateFileW, GetOverlappedResult, DeviceIoControl, GetFileInformationByHandle, LocalFree
                                                                            ADVAPI32.dllFreeSid, AllocateAndInitializeSid
                                                                            WSOCK32.dllgetsockopt, connect, htons, gethostbyname, ntohl, inet_ntoa, setsockopt, socket, closesocket, select, ioctlsocket, __WSAFDIsSet, WSAStartup, WSACleanup, WSAGetLastError
                                                                            WS2_32.dllWSARecv, WSASend

                                                                            Possible Origin

                                                                            Language of compilation systemCountry where language is spokenMap
                                                                            EnglishUnited States

                                                                            Network Behavior

                                                                            Suricata IDS Alerts

                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2024-09-27T11:22:05.671039+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54970489.197.154.1157700TCP
                                                                            2024-09-27T11:22:07.116408+02002035651ET MALWARE Meterpreter or Other Reverse Shell SSL Cert189.197.154.1157700192.168.2.549704TCP
                                                                            2024-09-27T11:22:08.590221+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54970689.197.154.1157700TCP
                                                                            2024-09-27T11:22:10.665565+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54970789.197.154.1157700TCP
                                                                            2024-09-27T11:22:12.066137+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54970889.197.154.1157700TCP
                                                                            2024-09-27T11:22:13.398731+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54970989.197.154.1157700TCP
                                                                            2024-09-27T11:22:14.544416+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54971089.197.154.1157700TCP
                                                                            2024-09-27T11:22:15.878321+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54971189.197.154.1157700TCP
                                                                            2024-09-27T11:22:17.025428+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54971289.197.154.1157700TCP
                                                                            2024-09-27T11:22:18.170028+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54971389.197.154.1157700TCP
                                                                            2024-09-27T11:22:19.313183+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54971489.197.154.1157700TCP
                                                                            2024-09-27T11:22:20.464374+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54971589.197.154.1157700TCP
                                                                            2024-09-27T11:22:21.614519+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54971689.197.154.1157700TCP
                                                                            2024-09-27T11:22:22.763590+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54972089.197.154.1157700TCP
                                                                            2024-09-27T11:22:23.992628+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54972489.197.154.1157700TCP
                                                                            2024-09-27T11:22:25.138821+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54972689.197.154.1157700TCP
                                                                            2024-09-27T11:22:27.228356+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54972789.197.154.1157700TCP
                                                                            2024-09-27T11:22:28.347702+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54972889.197.154.1157700TCP
                                                                            2024-09-27T11:22:29.593015+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54972989.197.154.1157700TCP
                                                                            2024-09-27T11:22:30.749595+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973089.197.154.1157700TCP
                                                                            2024-09-27T11:22:31.880001+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973189.197.154.1157700TCP
                                                                            2024-09-27T11:22:33.079659+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973289.197.154.1157700TCP
                                                                            2024-09-27T11:22:34.371843+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973389.197.154.1157700TCP
                                                                            2024-09-27T11:22:35.395789+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973489.197.154.1157700TCP
                                                                            2024-09-27T11:22:36.520525+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973589.197.154.1157700TCP
                                                                            2024-09-27T11:22:37.676684+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973689.197.154.1157700TCP
                                                                            2024-09-27T11:22:39.390127+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973789.197.154.1157700TCP
                                                                            2024-09-27T11:22:40.575720+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973889.197.154.1157700TCP
                                                                            2024-09-27T11:22:41.709289+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54973989.197.154.1157700TCP
                                                                            2024-09-27T11:22:42.872687+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974089.197.154.1157700TCP
                                                                            2024-09-27T11:22:44.028888+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974189.197.154.1157700TCP
                                                                            2024-09-27T11:22:45.167708+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974289.197.154.1157700TCP
                                                                            2024-09-27T11:22:46.338682+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974389.197.154.1157700TCP
                                                                            2024-09-27T11:22:47.474762+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974489.197.154.1157700TCP
                                                                            2024-09-27T11:22:49.181174+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974589.197.154.1157700TCP
                                                                            2024-09-27T11:22:50.214234+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974689.197.154.1157700TCP
                                                                            2024-09-27T11:22:51.495245+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974789.197.154.1157700TCP
                                                                            2024-09-27T11:22:52.627819+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974889.197.154.1157700TCP
                                                                            2024-09-27T11:22:53.772352+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54974989.197.154.1157700TCP
                                                                            2024-09-27T11:22:55.055945+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975089.197.154.1157700TCP
                                                                            2024-09-27T11:22:56.190709+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975189.197.154.1157700TCP
                                                                            2024-09-27T11:22:57.398856+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975289.197.154.1157700TCP
                                                                            2024-09-27T11:22:58.547735+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975389.197.154.1157700TCP
                                                                            2024-09-27T11:22:59.699622+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975489.197.154.1157700TCP
                                                                            2024-09-27T11:23:00.840427+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975689.197.154.1157700TCP
                                                                            2024-09-27T11:23:02.094782+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975789.197.154.1157700TCP
                                                                            2024-09-27T11:23:03.222887+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975889.197.154.1157700TCP
                                                                            2024-09-27T11:23:04.406426+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54975989.197.154.1157700TCP
                                                                            2024-09-27T11:23:05.540974+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976089.197.154.1157700TCP
                                                                            2024-09-27T11:23:06.707783+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976189.197.154.1157700TCP
                                                                            2024-09-27T11:23:07.859728+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976289.197.154.1157700TCP
                                                                            2024-09-27T11:23:09.022723+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976389.197.154.1157700TCP
                                                                            2024-09-27T11:23:10.163407+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976489.197.154.1157700TCP
                                                                            2024-09-27T11:23:11.306297+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976589.197.154.1157700TCP
                                                                            2024-09-27T11:23:12.593916+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976689.197.154.1157700TCP
                                                                            2024-09-27T11:23:13.749790+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976789.197.154.1157700TCP
                                                                            2024-09-27T11:23:14.905825+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976889.197.154.1157700TCP
                                                                            2024-09-27T11:23:16.036943+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54976989.197.154.1157700TCP
                                                                            2024-09-27T11:23:17.159864+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977089.197.154.1157700TCP
                                                                            2024-09-27T11:23:18.291952+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977189.197.154.1157700TCP
                                                                            2024-09-27T11:23:19.444191+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977289.197.154.1157700TCP
                                                                            2024-09-27T11:23:20.779670+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977389.197.154.1157700TCP
                                                                            2024-09-27T11:23:21.867370+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977489.197.154.1157700TCP
                                                                            2024-09-27T11:23:23.001436+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977589.197.154.1157700TCP
                                                                            2024-09-27T11:23:24.210972+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977689.197.154.1157700TCP
                                                                            2024-09-27T11:23:26.347532+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977789.197.154.1157700TCP
                                                                            2024-09-27T11:23:27.348860+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977889.197.154.1157700TCP
                                                                            2024-09-27T11:23:28.736438+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54977989.197.154.1157700TCP
                                                                            2024-09-27T11:23:29.872216+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978089.197.154.1157700TCP
                                                                            2024-09-27T11:23:31.186316+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978189.197.154.1157700TCP
                                                                            2024-09-27T11:23:32.338236+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978289.197.154.1157700TCP
                                                                            2024-09-27T11:23:33.472863+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978389.197.154.1157700TCP
                                                                            2024-09-27T11:23:35.442709+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978489.197.154.1157700TCP
                                                                            2024-09-27T11:23:36.570875+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978589.197.154.1157700TCP
                                                                            2024-09-27T11:23:37.898402+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978689.197.154.1157700TCP
                                                                            2024-09-27T11:23:39.035897+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978789.197.154.1157700TCP
                                                                            2024-09-27T11:23:40.188364+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978889.197.154.1157700TCP
                                                                            2024-09-27T11:23:42.270266+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54978989.197.154.1157700TCP
                                                                            2024-09-27T11:23:43.394515+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979089.197.154.1157700TCP
                                                                            2024-09-27T11:23:44.515002+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979189.197.154.1157700TCP
                                                                            2024-09-27T11:23:45.673987+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979289.197.154.1157700TCP
                                                                            2024-09-27T11:23:46.820368+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979389.197.154.1157700TCP
                                                                            2024-09-27T11:23:47.950903+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979489.197.154.1157700TCP
                                                                            2024-09-27T11:23:49.100970+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979589.197.154.1157700TCP
                                                                            2024-09-27T11:23:50.265045+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979689.197.154.1157700TCP
                                                                            2024-09-27T11:23:51.413608+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979789.197.154.1157700TCP
                                                                            2024-09-27T11:23:52.556701+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979889.197.154.1157700TCP
                                                                            2024-09-27T11:23:53.691817+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54979989.197.154.1157700TCP
                                                                            2024-09-27T11:23:54.816643+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980089.197.154.1157700TCP
                                                                            2024-09-27T11:23:55.959557+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980189.197.154.1157700TCP
                                                                            2024-09-27T11:23:57.116044+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980289.197.154.1157700TCP
                                                                            2024-09-27T11:23:58.248029+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980389.197.154.1157700TCP
                                                                            2024-09-27T11:23:59.377491+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980489.197.154.1157700TCP
                                                                            2024-09-27T11:24:00.524474+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980589.197.154.1157700TCP
                                                                            2024-09-27T11:24:01.670807+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980689.197.154.1157700TCP
                                                                            2024-09-27T11:24:03.883018+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980789.197.154.1157700TCP
                                                                            2024-09-27T11:24:05.032852+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980889.197.154.1157700TCP
                                                                            2024-09-27T11:24:06.165769+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54980989.197.154.1157700TCP
                                                                            2024-09-27T11:24:07.289161+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54981089.197.154.1157700TCP
                                                                            2024-09-27T11:24:08.425246+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54981189.197.154.1157700TCP
                                                                            2024-09-27T11:24:09.569184+02002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.54981289.197.154.1157700TCP

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Sep 27, 2024 11:22:05.033098936 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:05.038105011 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:05.038199902 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:05.047487974 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:05.052395105 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:05.670919895 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:05.671039104 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:05.808423996 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:05.808809996 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.111243963 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.116408110 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.284014940 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.284149885 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.407691956 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.407748938 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.410808086 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.415697098 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.587017059 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.587161064 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.587577105 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.587590933 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.587604046 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.587636948 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.587683916 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.589019060 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.589031935 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.589076996 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.589370012 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.589421034 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.589744091 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.589818001 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.590100050 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.590111017 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.590122938 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.590135098 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.590147972 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.590166092 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.590187073 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.590831041 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.590882063 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.658020020 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.658137083 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.658513069 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.658526897 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.658595085 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.675702095 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.675904989 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.676000118 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.676011086 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.676053047 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.676161051 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.676172972 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.676220894 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.676892042 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.676903963 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.676944017 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.677154064 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.677201033 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.677334070 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.677380085 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.677686930 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.677731991 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.677879095 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.677894115 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.677926064 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.677942038 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.678632975 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.678644896 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.678654909 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.678754091 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.679409981 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.679421902 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.679433107 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.679461002 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.679476023 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.679986000 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.679997921 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.680007935 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.680032969 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.680063009 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.680854082 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.680866957 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.680903912 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.748555899 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.748670101 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.748682976 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.748714924 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.748852015 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.749159098 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.749213934 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.749259949 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.749313116 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.749502897 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.749568939 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.765235901 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.765352964 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.765366077 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.765387058 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.765445948 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.765835047 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.765850067 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.765889883 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.766269922 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.766282082 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.766324043 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.766762972 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.766774893 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.766786098 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.766815901 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.766828060 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.767544031 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.767554998 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.767565966 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.767592907 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.767621040 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.768323898 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.768341064 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.768374920 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.768392086 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.768611908 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.768625021 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.768665075 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.769170046 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.769181967 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.769195080 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.769220114 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.769243002 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.769968033 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.769982100 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.769993067 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.770015955 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.770042896 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.770807028 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.770819902 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.770831108 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.770843029 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.770859957 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.770889044 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.771626949 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.771640062 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.771651983 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.771676064 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.771697044 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.772484064 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.772499084 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.772510052 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.772537947 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.772566080 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.773133993 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.773145914 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.773156881 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.773169041 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.773179054 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.773205996 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.773226976 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.774045944 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.774059057 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.774070024 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.774080992 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.774104118 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.774116993 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.774863958 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.774877071 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.774919987 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.839257002 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.839348078 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.839360952 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.839361906 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.839423895 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.839442015 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.839657068 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.839673042 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.839708090 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.839730024 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.840076923 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.840126991 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.840327978 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.840341091 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.840380907 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.855756044 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.855839014 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.855849981 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.855868101 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.855906963 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.856138945 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.856152058 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.856194019 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.856595039 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.856606007 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.856618881 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.856646061 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.856657982 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.857184887 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.857197046 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.857239962 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.857490063 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.857506990 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.857542038 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.857553005 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.857959032 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.857970953 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.857981920 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.857992887 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.858006954 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.858040094 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.858973026 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.858988047 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.858998060 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.859011889 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.859023094 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.859033108 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.859034061 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.859044075 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.859076023 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.859903097 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.859915972 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.859926939 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.859937906 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.859963894 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.859981060 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.860915899 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.860929012 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.860939026 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.860951900 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.860979080 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.860991001 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.861939907 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.861953020 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.861963034 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.861974955 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.861984968 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.862004042 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.862030029 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.862879038 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.862891912 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.862907887 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.862920046 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.862936974 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.862960100 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.863699913 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.863713026 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.863723993 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.863734961 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.863744974 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.863755941 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.863755941 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.863770008 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.863790989 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.864677906 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.864697933 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.864707947 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.864718914 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.864728928 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.864731073 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.864768982 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.865709066 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.865722895 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.865734100 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.865746021 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.865756035 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.865762949 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.865767956 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.865782022 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.865809917 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.866671085 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.866683960 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.866694927 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.866704941 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.866714954 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.866720915 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.866744995 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.866760969 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.867687941 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.867702007 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.867713928 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.867726088 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.867738008 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.867743015 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.867769003 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.867798090 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.868649006 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.868662119 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.868673086 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.868684053 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.868694067 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.868705988 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.868710041 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.868737936 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.868755102 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.869626045 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.869640112 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.869651079 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.869663000 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.869685888 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.869714975 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.929814100 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.929965019 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.930037022 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.930049896 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.930110931 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.930128098 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.930267096 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.930279016 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.930290937 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.930301905 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.930315971 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.930340052 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.930368900 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.931015015 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.931035995 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.931071043 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.931081057 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.931252956 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.931265116 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.931274891 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.931288958 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.931298971 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.931332111 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.946563959 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.946607113 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.946619987 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.946646929 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.946671963 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.947002888 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.947016001 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.947030067 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.947043896 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.947077036 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.947101116 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.947820902 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.947834015 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.947845936 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.947858095 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.947874069 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.947899103 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.948376894 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.948390007 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.948400974 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.948412895 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.948436975 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.948457956 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.949196100 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.949209929 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.949220896 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.949232101 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.949259996 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.949279070 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.950033903 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.950047970 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.950059891 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.950071096 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.950082064 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.950090885 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.950115919 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.950124025 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.951798916 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.951812983 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.951823950 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.951833963 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.951848984 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.951869965 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.951900005 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.963978052 CEST497047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.970315933 CEST77004970489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:07.994101048 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:07.999965906 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:08.000051022 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:08.000474930 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:08.000474930 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:08.006082058 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:08.006112099 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:08.590133905 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:08.590220928 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:08.719110966 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:08.719224930 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:08.719950914 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:08.721472025 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:08.724781990 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:08.726294041 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:09.011395931 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:09.011420012 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:09.011531115 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:09.011694908 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:09.013128996 CEST497067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:09.017878056 CEST77004970689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:09.132544994 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:10.072741032 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:10.072947025 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:10.073468924 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:10.078237057 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:10.665359974 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:10.665565014 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:10.795326948 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:10.795502901 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:10.796065092 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:10.797705889 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:10.801377058 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:10.802498102 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.345716953 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.345741987 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.345755100 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.345772028 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.345921993 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.345921993 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.346232891 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.346292019 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.346415043 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.346441031 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.350709915 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.350779057 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.351121902 CEST77004970789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.351171017 CEST497077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.455199957 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.460150003 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:11.460424900 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.460724115 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:11.465507984 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.065880060 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.066137075 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.199171066 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.199259043 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.232623100 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.233288050 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.237591028 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.238032103 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.674746037 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.674768925 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.674777985 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.674873114 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.675175905 CEST497087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.679944992 CEST77004970889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.784157991 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.789115906 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:12.789239883 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.795548916 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:12.800312042 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.398514986 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.398730993 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.532097101 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.532206059 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.532715082 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.533899069 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.539489985 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.540122986 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.828423023 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.828449965 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.828519106 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.828646898 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.828980923 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.829022884 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.833803892 CEST77004970989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.833870888 CEST497097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.939331055 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.944715023 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:13.944850922 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.945135117 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:13.950876951 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:14.544286013 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:14.544415951 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:14.672369003 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:14.672429085 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:14.672893047 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:14.674415112 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:14.677747965 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:14.679179907 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:14.976280928 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:14.976387978 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:14.976425886 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:14.976491928 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:14.976727962 CEST497107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:14.983408928 CEST77004971089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:15.079950094 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:15.268795013 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:15.268922091 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:15.270224094 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:15.275060892 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:15.878170013 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:15.878320932 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.015288115 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:16.015556097 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.016027927 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.017596006 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.020863056 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:16.022408009 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:16.312803030 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:16.313029051 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.313308001 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:16.313517094 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.426105022 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.431215048 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:16.431313038 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.431747913 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:16.436568975 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.025239944 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.025428057 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.154275894 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.154364109 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.154854059 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.156107903 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.159668922 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.160950899 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.449326992 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.449387074 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.449503899 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.449959993 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.449959993 CEST497127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.455024958 CEST77004971289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.564613104 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.570372105 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:17.570477962 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.571099997 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:17.576232910 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.169945002 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.170027971 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.300997972 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.301119089 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.302736998 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.305402994 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.307950020 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.310789108 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.598670006 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.598777056 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.598819017 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.598853111 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.598922968 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.598969936 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.599199057 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.599221945 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.603998899 CEST77004971389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.604091883 CEST497137700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.711234093 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.720894098 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:18.721025944 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.723589897 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:18.728846073 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.313071012 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.313183069 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.447154999 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.447339058 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.447902918 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.449340105 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.452627897 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.454137087 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.736634970 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.736701012 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.737207890 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.737251043 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.737940073 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.737989902 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.849908113 CEST497117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.850431919 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.854715109 CEST77004971189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.855206966 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:19.855273962 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.855509043 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:19.860372066 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:20.464253902 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:20.464374065 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:20.595613003 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:20.595736980 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:20.596051931 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:20.597434044 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:20.601701975 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:20.603091002 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:20.892291069 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:20.892375946 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:20.892524958 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:20.892597914 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.003041029 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.003072023 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.003525019 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.008398056 CEST77004971489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:21.008445024 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:21.008471966 CEST497147700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.008528948 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.008817911 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.013608932 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:21.614379883 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:21.614518881 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.748424053 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:21.748476028 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.749114037 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.751007080 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:21.753896952 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:21.755896091 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.040949106 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.041001081 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.041022062 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.041090012 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.041131973 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.041176081 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.041275978 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.041300058 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.047317028 CEST77004971689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.047373056 CEST497167700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.142496109 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.147695065 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.147779942 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.148085117 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.152936935 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.763499975 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.763590097 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.898938894 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.899027109 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.899399996 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.905054092 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:22.952961922 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:22.957904100 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.239250898 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.239262104 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.239274979 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.239298105 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.239336967 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:23.239367008 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:23.254246950 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:23.254276991 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:23.259174109 CEST77004972089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.259264946 CEST497207700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:23.362588882 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:23.367633104 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.367850065 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:23.368449926 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:23.373286963 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.992556095 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:23.992628098 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.132853031 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:24.132960081 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.133457899 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.138330936 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:24.140331984 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.145191908 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:24.431633949 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:24.431711912 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.431901932 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:24.431953907 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.431994915 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:24.432080030 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.533857107 CEST497157700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.534651041 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.538752079 CEST77004971589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:24.539490938 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:24.542730093 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.543337107 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:24.548113108 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:25.138732910 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:25.138820887 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:25.269045115 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:25.269124985 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:25.269552946 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:25.275496006 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:25.276844978 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:25.283363104 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.518191099 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.518246889 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.518285036 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.518311024 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.518394947 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.518449068 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.518449068 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.518449068 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.518467903 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.518680096 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.518884897 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.518913984 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.524446011 CEST77004972689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.526926994 CEST497267700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.627161980 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.633200884 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:26.636794090 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.637096882 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:26.641901970 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.228246927 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.228355885 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.357671976 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.357827902 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.358233929 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.359841108 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.363125086 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.365514994 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.647797108 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.647870064 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.647986889 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.648072958 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.648073912 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.648468018 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.648468971 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.648510933 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.653386116 CEST77004972789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.653460026 CEST497277700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.751851082 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.756664991 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:27.756772995 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.757103920 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:27.761929035 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.347552061 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.347702026 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.475249052 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.475321054 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.475786924 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.477355003 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.482326031 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.483457088 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.854012012 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.854032040 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.854043007 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.854074001 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.854171038 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.854419947 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.854419947 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.854435921 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.859179020 CEST77004972889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.859249115 CEST497287700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.970581055 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.975681067 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:28.975825071 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.976099968 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:28.986831903 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:29.592791080 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:29.593014956 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:29.724863052 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:29.725017071 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:29.725529909 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:29.726736069 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:29.731476068 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:29.731600046 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.019808054 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.019923925 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.020085096 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.021047115 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.021047115 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.021047115 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.021048069 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.021816015 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.027267933 CEST77004972989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.027410030 CEST497297700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.142484903 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.148895025 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.149058104 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.149455070 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.155051947 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.749439955 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.749594927 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.879714012 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.879844904 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.880229950 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.881565094 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:30.885032892 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:30.886461020 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:31.172805071 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:31.173125982 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:31.173156977 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:31.173181057 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:31.173532963 CEST497307700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:31.178356886 CEST77004973089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:31.283171892 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:31.288212061 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:31.288357019 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:31.288713932 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:31.293724060 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:31.879810095 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:31.880001068 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.007663965 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:32.007822037 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.008322954 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.009624004 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.013212919 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:32.014410973 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:32.299175024 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:32.299249887 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.299264908 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:32.299308062 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.299483061 CEST497317700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.304280996 CEST77004973189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:32.408253908 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.413045883 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:32.413155079 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.413465977 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:32.418267965 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.079571962 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.079658985 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.155122995 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.155278921 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.155678988 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.157030106 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.160480022 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.161832094 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.457123041 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.457288980 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.457323074 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.457355976 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.457360029 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.457400084 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.457704067 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.457731009 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.462409019 CEST77004973289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.462481976 CEST497327700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.564646006 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.569555044 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:33.569715023 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.570326090 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:33.575187922 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.371651888 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.371843100 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.373195887 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.373210907 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.373306036 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.394941092 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.396394014 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.399837971 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.401211977 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.684081078 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.684161901 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.684474945 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.684523106 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.684526920 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.684573889 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.798630953 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.798672915 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.799364090 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.803898096 CEST77004972489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.804002047 CEST497247700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.804373980 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:34.804466963 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.804817915 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:34.809732914 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.395692110 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.395788908 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.523279905 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.523459911 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.524262905 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.526132107 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.529083014 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.531022072 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.817362070 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.817409039 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.817477942 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.817536116 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.817564011 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.817967892 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.817998886 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.823542118 CEST77004973489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.825727940 CEST497347700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.923882961 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.928803921 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:35.928924084 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.929351091 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:35.934283018 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:36.520433903 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:36.520524979 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:36.647361994 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:36.647464991 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:36.659099102 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:36.661480904 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:36.664122105 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:36.666292906 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:36.950325966 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:36.950412035 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:36.950624943 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:36.951095104 CEST497357700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:36.955944061 CEST77004973589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:37.080410957 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:37.085211992 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:37.085315943 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:37.088475943 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:37.093369961 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:37.676562071 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:37.676683903 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:37.807284117 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:37.807471991 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:37.808029890 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:37.809444904 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:37.812850952 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:37.814305067 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:38.101586103 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:38.101651907 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:38.101722956 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:38.101779938 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:38.102194071 CEST497367700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:38.106973886 CEST77004973689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:38.205387115 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:38.210376024 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:38.210553885 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:38.211011887 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:38.215893030 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.389878988 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.389950991 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.389981985 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.390126944 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.390126944 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.391146898 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.391202927 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.400302887 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.402041912 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.405109882 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.406855106 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.690478086 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.690501928 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.690725088 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.828130007 CEST497377700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.832979918 CEST77004973789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.961606979 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.966670036 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:39.966756105 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.971223116 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:39.976115942 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:40.575645924 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:40.575720072 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:40.707354069 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:40.707513094 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:40.707865953 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:40.709065914 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:40.712686062 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:40.713876963 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.003149986 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.003293991 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.003581047 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.003643990 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.110987902 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.111040115 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.111475945 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.115860939 CEST77004973389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.115921021 CEST497337700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.116328955 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.116400957 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.116708994 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.122797966 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.709223986 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.709289074 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.836745977 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.836889982 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.837204933 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.838488102 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:41.843926907 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:41.845590115 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:42.133502007 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:42.133546114 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:42.133557081 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:42.133618116 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:42.133642912 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:42.133939981 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:42.133965969 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:42.138693094 CEST77004973989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:42.138751030 CEST497397700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:42.242842913 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:42.248613119 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:42.248713017 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:42.253370047 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:42.260644913 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:42.872586966 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:42.872687101 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.005599976 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:43.005743027 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.006135941 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.007402897 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.014970064 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:43.018634081 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:43.306117058 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:43.306200981 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:43.306214094 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:43.306231976 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.306271076 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.306271076 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.306545019 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.306570053 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.311597109 CEST77004974089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:43.311671972 CEST497407700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.408065081 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.413213015 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:43.413306952 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.413549900 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:43.418780088 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.028712988 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.028887987 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.145169973 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.145241022 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.145610094 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.146909952 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.150377989 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.151748896 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.438961029 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.439066887 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.439110994 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.439143896 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.439167976 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.439203024 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.439455032 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.439487934 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.444236040 CEST77004974189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.444312096 CEST497417700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.549108028 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.554114103 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:44.554229975 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.554574966 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:44.559367895 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.167628050 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.167707920 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.297261000 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.297348022 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.297657013 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.298989058 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.302412987 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.303782940 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.593842983 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.593975067 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.594331980 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.594350100 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.594523907 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.608886003 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.608907938 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.614085913 CEST77004974289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.614136934 CEST497427700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.721278906 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.727081060 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:45.727174044 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.727550030 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:45.732305050 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.337059975 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.338681936 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.474869013 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.478682995 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.478682995 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.478682995 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.483649969 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.483697891 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.774436951 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.774597883 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.774683952 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.774805069 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.876677990 CEST497387700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.877156973 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.881618977 CEST77004973889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.881944895 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:46.882009029 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.882222891 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:46.886953115 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:47.472289085 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:47.474761963 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:47.599348068 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:47.599401951 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:47.599826097 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:47.601501942 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:47.604573011 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:47.607542038 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:47.899785995 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:47.899846077 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:47.899941921 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:47.900257111 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:47.900257111 CEST497447700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:47.905015945 CEST77004974489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:48.003468990 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:48.571012020 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:48.571175098 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:48.571497917 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:48.576505899 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.181039095 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.181174040 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.319423914 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.319540977 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.319915056 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.321162939 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.326251984 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.326265097 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.503041029 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.503091097 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.503146887 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.503256083 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.503309965 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.503794909 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.503824949 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.510579109 CEST77004974589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.510773897 CEST497457700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.611107111 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.616024971 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:49.616156101 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.616518021 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:49.621377945 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.214077950 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.214234114 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.460725069 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.460848093 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.461190939 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.462387085 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.466021061 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.467139959 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.755211115 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.755263090 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.755362034 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.757042885 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.760679960 CEST497467700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.765588045 CEST77004974689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.876862049 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.883930922 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:50.884057045 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.884352922 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:50.889234066 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:51.495083094 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:51.495244980 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:51.626888990 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:51.626992941 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:51.627346039 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:51.628597975 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:51.632075071 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:51.633425951 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:51.923507929 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:51.923636913 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:51.923928022 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:51.923938990 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:51.923994064 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.032663107 CEST497437700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.033159971 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.037570000 CEST77004974389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:52.037942886 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:52.038023949 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.038288116 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.044203043 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:52.627552986 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:52.627819061 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.759249926 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:52.759394884 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.760190010 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.761162996 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:52.765007973 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:52.766005993 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.057949066 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.058130026 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.058156967 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.058289051 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.058455944 CEST497487700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.063278913 CEST77004974889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.173947096 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.179652929 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.179755926 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.180089951 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.184879065 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.772218943 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.772351980 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.899135113 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.899307966 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.904164076 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.909162045 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:53.930354118 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:53.935280085 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:54.197959900 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:54.197987080 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:54.198051929 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:54.198103905 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:54.200593948 CEST497497700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:54.207143068 CEST77004974989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:54.314249992 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:54.454808950 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:54.454962969 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:54.455279112 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:54.460093975 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.055788040 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.055944920 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.184952974 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.185117006 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.185509920 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.186773062 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.190547943 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.192047119 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.486299038 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.486323118 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.486423016 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.486687899 CEST497507700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.493771076 CEST77004975089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.595875025 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.601984024 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:55.602118015 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.602489948 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:55.608820915 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.190561056 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.190709114 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.319318056 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.319442987 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.341787100 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.343086004 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.346656084 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.349020004 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.628715038 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.628763914 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.628803968 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.628832102 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.667844057 CEST497517700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.673187017 CEST77004975189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.783226967 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.788367033 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:56.788440943 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.788826942 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:56.793669939 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.398772955 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.398855925 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.535269022 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.535391092 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.535759926 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.536990881 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.540533066 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.541809082 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.832530022 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.832664013 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.833184958 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.833261013 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.941895008 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.941926003 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.942441940 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.946796894 CEST77004974789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.946846008 CEST497477700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.947230101 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:57.947366953 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.947613955 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:57.952478886 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.547661066 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.547734976 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.676906109 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.677062988 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.687726974 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.689027071 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.693732023 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.694930077 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.986737013 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.986829996 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.986876011 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.986920118 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.986927032 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.986974955 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.987143040 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.987169027 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:58.991903067 CEST77004975389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:58.992001057 CEST497537700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:59.095912933 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:59.100941896 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:59.101039886 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:59.101304054 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:59.106623888 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:59.699554920 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:59.699621916 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:59.829188108 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:59.829387903 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:59.829869986 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:59.831176996 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:22:59.836091042 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:22:59.836512089 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:00.121084929 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:00.121180058 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:00.121193886 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:00.121232986 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:00.121572018 CEST497547700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:00.126389027 CEST77004975489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:00.236284971 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:00.241333008 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:00.241419077 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:00.241991997 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:00.246866941 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:00.840373993 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:00.840426922 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:00.971106052 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:00.971168041 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.037703037 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.038922071 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.042706966 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:01.043703079 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:01.330451965 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:01.330472946 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:01.330521107 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.330554008 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.369817972 CEST497567700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.374845982 CEST77004975689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:01.486299038 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.491456032 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:01.491539955 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.491919041 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:01.496856928 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.092370033 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.094782114 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.221033096 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.221215010 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.221560001 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.222840071 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.226368904 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.227749109 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.512706041 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.512933969 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.513005972 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.513068914 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.626771927 CEST497527700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.627257109 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.631891012 CEST77004975289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.632076979 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:02.632138014 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.632348061 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:02.637343884 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.222795963 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.222887039 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.354038000 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.354125023 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.354494095 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.355927944 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.359352112 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.362112045 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.645561934 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.645730972 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.645808935 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.645859957 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.788736105 CEST497577700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.789429903 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.793694973 CEST77004975789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.794219017 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:03.794286966 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.817789078 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:03.822757959 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.406188011 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.406425953 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.539238930 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.539400101 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.539798975 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.541075945 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.544536114 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.545865059 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.833044052 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.833158016 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.834273100 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.834337950 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.939153910 CEST497587700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.939656973 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.945487022 CEST77004975889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.945746899 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:04.945820093 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.946111917 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:04.952444077 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:05.540740013 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:05.540973902 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:05.686604977 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:05.686852932 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:05.687258005 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:05.688504934 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:05.692054033 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:05.693281889 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:05.982961893 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:05.983216047 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:05.983335972 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:05.983405113 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.104863882 CEST497597700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.105207920 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.111727953 CEST77004975989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:06.112200022 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:06.112332106 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.112680912 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.119798899 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:06.707721949 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:06.707782984 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.844460964 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:06.844603062 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.845087051 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.846443892 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:06.849874973 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:06.853879929 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:07.139148951 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:07.139238119 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.139638901 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:07.139691114 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.251785040 CEST497607700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.252278090 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.256619930 CEST77004976089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:07.258344889 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:07.258421898 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.258718967 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.263885975 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:07.859646082 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:07.859728098 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.997690916 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:07.997766972 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.998205900 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:07.999418020 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.005532980 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:08.006616116 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:08.294456959 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:08.294573069 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:08.294578075 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.294622898 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.294862986 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.294888020 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.295038939 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:08.295084953 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.299611092 CEST77004976289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:08.299670935 CEST497627700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.408071041 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.413055897 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:08.413119078 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.413505077 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:08.418345928 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.022665024 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.022722960 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.155055046 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.155174971 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.155551910 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.156763077 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.160306931 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.161583900 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.448714018 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.448740005 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.448791027 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.448811054 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.449130058 CEST497637700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.453871965 CEST77004976389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.564363956 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.569376945 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:09.569536924 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.569765091 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:09.574542999 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.163350105 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.163407087 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.295866966 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.296061993 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.296483994 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.297801018 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.301295042 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.302752018 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.585532904 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.585552931 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.585571051 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.585777998 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.586385012 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.586457014 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.591183901 CEST77004976489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.591283083 CEST497647700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.689316034 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.694255114 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:10.694380045 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.694688082 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:10.701329947 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.306236029 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.306297064 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.443370104 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.443568945 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.452811003 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.454165936 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.457720041 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.459058046 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.749481916 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.749706984 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.749772072 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.749815941 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.749979019 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.750020027 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.750168085 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.750195026 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.754899979 CEST77004976589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:11.754961014 CEST497657700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:11.861509085 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:12.004981041 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:12.005132914 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:12.005532026 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:12.012470007 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:12.593767881 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:12.593915939 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:12.729424000 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:12.729506969 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:12.729901075 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:12.731122017 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:12.736865997 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:12.738027096 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.015981913 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.016046047 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.016365051 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.016415119 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.134183884 CEST497617700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.134644985 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.139103889 CEST77004976189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.139503956 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.139597893 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.142164946 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.146981001 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.749639034 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.749789953 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.886970043 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.887069941 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.887418985 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.888653040 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:13.892189026 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:13.893388987 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:14.192825079 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:14.192897081 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:14.193003893 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:14.193063021 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:14.298454046 CEST497667700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:14.298898935 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:14.303981066 CEST77004976689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:14.304419994 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:14.304511070 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:14.304775953 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:14.309535980 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:14.905735016 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:14.905824900 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.034271955 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:15.034356117 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.034725904 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.035984039 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.040813923 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:15.042068005 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:15.331572056 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:15.331633091 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.331671000 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:15.331717014 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.331960917 CEST497687700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.336709976 CEST77004976889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:15.439246893 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.444103003 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:15.444190025 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.444494009 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:15.449518919 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.036829948 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.036942959 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.167881012 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.167983055 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.168356895 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.169578075 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.173099995 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.174388885 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.460071087 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.460098982 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.460185051 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.460238934 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.460465908 CEST497697700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.465199947 CEST77004976989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.564454079 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.569317102 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:16.569401979 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.569699049 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:16.574552059 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.159758091 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.159863949 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.287158012 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.287276983 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.287650108 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.288844109 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.292447090 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.293690920 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.577589989 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.577657938 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.577769995 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.578270912 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.578270912 CEST497707700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.583791018 CEST77004977089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.689575911 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.694485903 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:17.694559097 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.694986105 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:17.699827909 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.291851997 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.291951895 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.421700954 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.421941042 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.422274113 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.423988104 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.427117109 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.428834915 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.715836048 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.716134071 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.716310024 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.716324091 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.716397047 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.829799891 CEST497677700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.830383062 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.834709883 CEST77004976789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.835197926 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:18.835274935 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.835675955 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:18.840500116 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:19.444097996 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:19.444190979 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:19.575020075 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:19.575285912 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:19.575573921 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:19.576838970 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:19.580351114 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:19.581672907 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:19.964159012 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:19.964227915 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:19.964241982 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:19.964252949 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:19.964291096 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:19.964303017 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:19.964540958 CEST497727700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:19.969264030 CEST77004977289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:20.082633018 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:20.087663889 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:20.087783098 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:20.088089943 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:20.092879057 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:20.779422998 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:20.779670000 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:20.840794086 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:20.840892076 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:20.841213942 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:20.842495918 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:20.845978975 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:20.847313881 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:21.136929989 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:21.136956930 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:21.137011051 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:21.137053967 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:21.137276888 CEST497737700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:21.142168999 CEST77004977389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:21.252079964 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:21.257251024 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:21.257458925 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:21.257797003 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:21.262625933 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:21.867136955 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:21.867369890 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.002722025 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:22.002846003 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.003324986 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.004514933 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.008208036 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:22.009362936 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:22.302712917 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:22.302802086 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.303225994 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:22.303241014 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:22.303281069 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.303306103 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.407690048 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.407732964 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.408205032 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.412580967 CEST77004977189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:22.412638903 CEST497717700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.412969112 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:22.413034916 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.413244963 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:22.417979956 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.001135111 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.001435995 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.130950928 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.131155968 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.131548882 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.132888079 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.136288881 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.137650013 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.418536901 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.418750048 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.418982983 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.419034958 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.532740116 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.532777071 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.533447981 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.539014101 CEST77004977489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.539031029 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:23.539068937 CEST497747700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.539098024 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.539414883 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:23.544368982 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.210819960 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.210972071 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.259293079 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.259430885 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.259923935 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.261058092 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.265244007 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.266309023 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.611957073 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.611994028 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.612138987 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.612163067 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.612189054 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.612339020 CEST497767700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.617060900 CEST77004977689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.720593929 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.725632906 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:24.725728035 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.726003885 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:24.730818987 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.347469091 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.347532034 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.347579956 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.347625017 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.347680092 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.347719908 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.347795963 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.347820997 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.347834110 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.347858906 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.348072052 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.349297047 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.353022099 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.354082108 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.640172958 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.640249968 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.640311956 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.640341997 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.640631914 CEST497777700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.647839069 CEST77004977789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.752130985 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.757647038 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:26.757741928 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.758007050 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:26.763201952 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:27.348731995 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:27.348860025 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:27.484450102 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:27.484513044 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:27.486387968 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:27.487958908 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:27.491205931 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:27.492809057 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:27.776972055 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:27.777108908 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:27.777493954 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:27.777549028 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:27.819884062 CEST497787700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:27.824832916 CEST77004977889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:27.972692966 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:28.146760941 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:28.146936893 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:28.147252083 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:28.151984930 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:28.736367941 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:28.736438036 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:28.867198944 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:28.867364883 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:28.867753983 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:28.869071007 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:28.875231028 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:28.876332045 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:29.163389921 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:29.163443089 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.163494110 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:29.163527966 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.163572073 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:29.163608074 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.163752079 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.163775921 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.168467045 CEST77004977989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:29.168514013 CEST497797700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.267657995 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.272558928 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:29.272675037 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.272957087 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:29.277901888 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:29.871967077 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:29.872215986 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.004806995 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:30.004945040 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.005295038 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.006556034 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.010116100 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:30.011477947 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:30.298671007 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:30.298810959 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:30.298808098 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.298855066 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.311538935 CEST497807700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.317955971 CEST77004978089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:30.569037914 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.573996067 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:30.574079037 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.578192949 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:30.583151102 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.186197996 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.186316013 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.325548887 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.325917959 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.326211929 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.327842951 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.330930948 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.332699060 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.623153925 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.623261929 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.623300076 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.623347998 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.623569965 CEST497817700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.628303051 CEST77004978189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.736208916 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.741163015 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:31.741271973 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.741539955 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:31.746396065 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.338164091 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.338236094 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.472898006 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.473040104 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.473464966 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.474838972 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.478224993 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.479619026 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.766874075 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.767007113 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.767160892 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.767195940 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.767210960 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.767241001 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.876703978 CEST497757700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.877229929 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.881762981 CEST77004977589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.882119894 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:32.882314920 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.882602930 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:32.887497902 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:33.472779036 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:33.472862959 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:33.608546972 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:33.608705044 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:33.609136105 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:33.610374928 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:33.614027977 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:33.615299940 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:34.731688976 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:34.731708050 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:34.731749058 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.731786966 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.731792927 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:34.731826067 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:34.731828928 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.731863976 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.732314110 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.732374907 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:34.732413054 CEST497837700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.737636089 CEST77004978389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:34.845782042 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.852072001 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:34.852178097 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.852583885 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:34.857455015 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.442605019 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.442708969 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.572642088 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.572750092 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.573607922 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.577348948 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.579615116 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.583446026 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.862541914 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.862572908 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.862601042 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.862643003 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.862941980 CEST497847700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.869262934 CEST77004978489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.970618010 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.977242947 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:35.977392912 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.977771997 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:35.983943939 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:36.570799112 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:36.570874929 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:36.884540081 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:36.884752035 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:36.885133982 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:36.886343002 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:36.889880896 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:36.891197920 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:37.177000046 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:37.177028894 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:37.177423000 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:37.177423000 CEST497857700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:37.182528019 CEST77004978589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:37.283252954 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:37.288192034 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:37.288379908 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:37.288774014 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:37.293603897 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:37.898264885 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:37.898401976 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.031471014 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:38.031639099 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.032053947 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.033380985 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.036849022 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:38.038217068 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:38.325855017 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:38.325915098 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:38.325957060 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:38.325995922 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.326045990 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.326390982 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.326447010 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.331166029 CEST77004978689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:38.331365108 CEST497867700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.439485073 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.444410086 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:38.444583893 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.444968939 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:38.449826956 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.035705090 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.035897017 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.163247108 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.163372040 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.163742065 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.165296078 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.168534994 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.170195103 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.458707094 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.458791018 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.458862066 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.458898067 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.459182024 CEST497877700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.466955900 CEST77004978789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.564459085 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.569480896 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:39.569588900 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.570015907 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:39.574994087 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:40.188215017 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:40.188364029 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:40.324827909 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:40.324974060 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:40.325380087 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:40.326725960 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:40.330167055 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:40.331518888 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:41.567544937 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:41.567586899 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:41.567598104 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:41.567651987 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:41.567687035 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:41.567970037 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:41.568593025 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:41.568650961 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:41.568696976 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:41.568738937 CEST497887700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:41.572753906 CEST77004978889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:41.677545071 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:41.682602882 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:41.682698011 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:41.685386896 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:41.690330029 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.270201921 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.270266056 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.398509026 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.398776054 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.399193048 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.400804043 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.403903961 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.405610085 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.688904047 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.689085960 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.689147949 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.689249992 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.798537970 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.798568010 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.799103975 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.803560019 CEST77004978289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.803601980 CEST497827700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.804042101 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:42.804112911 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.804502964 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:42.809432030 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.394417048 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.394515038 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.523178101 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.523297071 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.523673058 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.524914026 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.528496981 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.529858112 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.816728115 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.816777945 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.816838980 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.816862106 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.816926956 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.817198992 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.817198992 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.817210913 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.822011948 CEST77004979089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.822092056 CEST497907700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.923701048 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.928586006 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:43.928687096 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.928971052 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:43.933857918 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:44.514714956 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:44.515002012 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:44.645423889 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:44.645601034 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:44.646114111 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:44.647701025 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:44.651443958 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:44.653040886 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:44.937041998 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:44.937097073 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:44.937246084 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:44.937570095 CEST497917700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:44.944010973 CEST77004979189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:45.049169064 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:45.054179907 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:45.054330111 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:45.054702997 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:45.059528112 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:45.673834085 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:45.673986912 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:45.817866087 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:45.818011045 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:45.818397045 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:45.820036888 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:45.823208094 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:45.824901104 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.113964081 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.114005089 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.114026070 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.114048004 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.114065886 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.114105940 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.114321947 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.114342928 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.119112968 CEST77004979289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.119163990 CEST497927700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.220603943 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.225604057 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.225694895 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.225987911 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.230760098 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.820274115 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.820368052 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.947971106 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.948095083 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.948492050 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.949656010 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:46.953259945 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:46.954447031 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:47.241195917 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:47.241307974 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.241322041 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:47.241334915 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:47.241362095 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.241384029 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.241679907 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.241704941 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.247570992 CEST77004979389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:47.247623920 CEST497937700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.345619917 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.350433111 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:47.350584984 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.350928068 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:47.356378078 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:47.950773001 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:47.950902939 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.076818943 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:48.076966047 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.086541891 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.087723970 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.093741894 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:48.095338106 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:48.378803015 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:48.378825903 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:48.378904104 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:48.378952980 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.379246950 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.379246950 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.379261971 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.385561943 CEST77004979489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:48.385653973 CEST497947700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.486179113 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.490987062 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:48.491085052 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.491396904 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:48.496161938 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.100831032 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.100970030 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.239444971 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.239516020 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.239984989 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.241344929 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.244859934 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.246196032 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.537439108 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.537533998 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.537559986 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.537595034 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.537872076 CEST497957700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.542855978 CEST77004979589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.642581940 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.647676945 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:49.647835970 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.648147106 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:49.652980089 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.264887094 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.265044928 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.400861979 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.401024103 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.401675940 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.402879953 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.409255981 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.410398006 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.701828957 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.701944113 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.701956987 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.702069044 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.702203035 CEST497967700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.706954002 CEST77004979689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.814924955 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.820080042 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:50.820203066 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.820506096 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:50.825443983 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.413434982 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.413608074 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.543143988 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.543411970 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.543687105 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.544887066 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.548448086 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.549698114 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.834825993 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.834867001 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.834989071 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.835305929 CEST497977700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.840105057 CEST77004979789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.939522982 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.944482088 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:51.944601059 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.944948912 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:51.949769974 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:52.556545973 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:52.556700945 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:52.691427946 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:52.691586018 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:52.691982985 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:52.693166971 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:52.696784019 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:52.697932005 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:52.984843016 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:52.984883070 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:52.984911919 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:52.984941006 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:52.985203028 CEST497987700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:52.990004063 CEST77004979889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:53.096040010 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:53.101211071 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:53.101294994 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:53.105317116 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:53.110188007 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:53.691662073 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:53.691817045 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:53.819295883 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:53.819489002 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:53.819884062 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:53.821131945 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:53.824717999 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:53.826076984 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.113523960 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.113667965 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.113714933 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.113818884 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.113837004 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.113889933 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.113977909 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.114000082 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.120985985 CEST77004979989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.121088028 CEST497997700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.220678091 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.225761890 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.225869894 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.226176023 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.231014967 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.816500902 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.816643000 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.947114944 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.947304964 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.947722912 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.948934078 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:54.952507973 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:54.953907013 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:55.238490105 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:55.238538980 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:55.238615036 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:55.238639116 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:55.238940001 CEST498007700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:55.245953083 CEST77004980089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:55.345823050 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:55.351661921 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:55.351768017 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:55.352073908 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:55.357081890 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:55.959469080 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:55.959557056 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.090903044 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:56.091064930 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.091617107 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.093544960 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.097229004 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:56.098942995 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:56.388149023 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:56.388184071 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:56.388303041 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:56.388310909 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.388392925 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.388622046 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.388647079 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.393367052 CEST77004980189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:56.393420935 CEST498017700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.502156973 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.507067919 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:56.507191896 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.507505894 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:56.512692928 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.115839005 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.116044044 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.247363091 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.247519970 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.247950077 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.249178886 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.252722025 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.253951073 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.540994883 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.541053057 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.541115046 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.541162014 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.541373014 CEST498027700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.546188116 CEST77004980289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.642489910 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.647609949 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:57.647757053 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.648047924 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:57.652879953 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.247961044 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.248028994 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.376944065 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.377054930 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.377437115 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.378618002 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.382622957 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.384310007 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.666990042 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.667031050 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.667105913 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.667181015 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.667241096 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.667649031 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.667690039 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.672421932 CEST77004980389.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.672492981 CEST498037700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.783237934 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.788187981 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:58.788284063 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.788583040 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:58.793436050 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.377382994 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.377490997 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.511217117 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.511395931 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.511805058 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.513010025 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.516642094 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.517832041 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.800304890 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.800380945 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.800555944 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.800601959 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.907869101 CEST497897700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.908354044 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.912811995 CEST77004978989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.913208961 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:23:59.913269997 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.913479090 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:23:59.918288946 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.524378061 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.524473906 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.663600922 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.663781881 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.664482117 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.666023016 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.669241905 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.673026085 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.957041979 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.957119942 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.957130909 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.957166910 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.957176924 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.957211018 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.957449913 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.957473993 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:00.968400002 CEST77004980589.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:00.968466043 CEST498057700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:01.064450979 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:01.073683023 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:01.073805094 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:01.074129105 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:01.083434105 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:01.670636892 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:01.670806885 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:02.871038914 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:02.871201992 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:02.872081041 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:02.872143984 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:02.872849941 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:02.872899055 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:02.873148918 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:02.873188019 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:02.880508900 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:02.881659985 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:02.886145115 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:02.887761116 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:03.173573971 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:03.173634052 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:03.173744917 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.173744917 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.173887014 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:03.173930883 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.173973083 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.173999071 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.180682898 CEST77004980689.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:03.180728912 CEST498067700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.283196926 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.291018963 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:03.291107893 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.291440964 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:03.299422979 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:03.882839918 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:03.883018017 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.011149883 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:04.011271954 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.011715889 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.012903929 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.022923946 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:04.027854919 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:04.307097912 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:04.307142973 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:04.307187080 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.307225943 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.307513952 CEST498077700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.312200069 CEST77004980789.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:04.423891068 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.431267023 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:04.431402922 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.431704044 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:04.440089941 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.032733917 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.032851934 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.165080070 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.165290117 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.165688992 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.166886091 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.170536041 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.171699047 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.457535028 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.457683086 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.457694054 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.457743883 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.458004951 CEST498087700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.462798119 CEST77004980889.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.564868927 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.570485115 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:05.570569992 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.570838928 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:05.577466011 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.165640116 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.165769100 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.296006918 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.296088934 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.296453953 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.297640085 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.301273108 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.302479029 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.586709976 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.586808920 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.587425947 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.587440968 CEST77004980989.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.587517023 CEST498097700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.689029932 CEST498047700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.689752102 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.694308996 CEST77004980489.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.695868015 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:06.695952892 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.696247101 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:06.701137066 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.289047003 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.289160967 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.419893980 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.420006037 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.420494080 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.421698093 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.426279068 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.427603960 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.709603071 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.709640980 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.709733963 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.709774971 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.709868908 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.709916115 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.710052013 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.710069895 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.716053963 CEST77004981089.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.716125011 CEST498107700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.819479942 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.826868057 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:07.826946974 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.827311039 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:07.833256960 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.425159931 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.425246000 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.556960106 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.557075024 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.557460070 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.558629990 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.562186956 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.563390017 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.868001938 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.868222952 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.868304014 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.868350029 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.868623018 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.868623018 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.868652105 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.873600960 CEST77004981189.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.876868963 CEST498117700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.970642090 CEST498127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.975672007 CEST77004981289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:08.975779057 CEST498127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.976108074 CEST498127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:08.981055021 CEST77004981289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:09.566978931 CEST77004981289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:09.569184065 CEST498127700192.168.2.589.197.154.115
                                                                            Sep 27, 2024 11:24:09.695287943 CEST77004981289.197.154.115192.168.2.5
                                                                            Sep 27, 2024 11:24:09.695377111 CEST498127700192.168.2.589.197.154.115

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Sep 27, 2024 11:22:05.920010090 CEST1.1.1.1192.168.2.50xb89eNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                            Sep 27, 2024 11:22:05.920010090 CEST1.1.1.1192.168.2.50xb89eNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:05:22:04
                                                                            Start date:27/09/2024
                                                                            Path:C:\Users\user\Desktop\Xwl3DsNmN2.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\Xwl3DsNmN2.exe"
                                                                            Imagebase:0x400000
                                                                            File size:73'802 bytes
                                                                            MD5 hash:F9DED81115C4C75971A6A683782D06AE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Metasploit_24338919, Description: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., Source: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Metasploit_24338919, Description: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., Source: 00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                            • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.3326164826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Metasploit_24338919, Description: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., Source: 00000000.00000002.3326164826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_ReflectiveLoader, Description: Yara detected ReflectiveLoader, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                            • Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                            • Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                            • Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: @VK_Intel
                                                                            • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                            • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                            • Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_ReflectiveLoader, Description: Yara detected ReflectiveLoader, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                            • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                            • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                            Reputation:low
                                                                            Has exited:false

                                                                            Disassembly

                                                                            Reset < >

                                                                              Execution Graph

                                                                              Execution Coverage:2.2%
                                                                              Dynamic/Decrypted Code Coverage:99.5%
                                                                              Signature Coverage:10.7%
                                                                              Total number of Nodes:580
                                                                              Total number of Limit Nodes:16
                                                                              execution_graph 40910 5b01bb InternetConnectA HttpOpenRequestA 40914 5b01dc 40910->40914 40911 5b0214 VirtualAlloc 40912 5b022d InternetReadFile 40911->40912 40912->40914 40913 5b0248 40914->40911 40914->40912 40914->40913 40915 40a0c7 40916 40a0db VirtualAlloc 40915->40916 40918 40a12a 40916->40918 40918->40918 40919 32d9d07 40921 32d9d63 40919->40921 40920 32d9d91 40927 32da8a7 40920->40927 40921->40920 40937 32d9fe7 GetPEB 40921->40937 40924 32d9def 40931 2f8a5dc 40924->40931 40930 32da8c7 40927->40930 40928 32da97e VirtualAlloc 40929 32da99b 40928->40929 40929->40924 40930->40928 40930->40929 40932 2f8a5ec 40931->40932 40933 2f8a5e7 40931->40933 40938 2f8a4e6 40932->40938 40950 2f91da8 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 40933->40950 40936 2f8a5fa 40937->40920 40939 2f8a4f2 ___DllMainCRTStartup 40938->40939 40940 2f8a58f ___DllMainCRTStartup 40939->40940 40944 2f8a53f 40939->40944 40951 2f8a3b1 40939->40951 40940->40936 40943 2f8a552 40945 2f8a56f 40943->40945 40947 2f7a802 ___DllMainCRTStartup 326 API calls 40943->40947 40944->40940 41000 2f7a802 40944->41000 40945->40940 40946 2f8a3b1 __CRT_INIT@12 154 API calls 40945->40946 40946->40940 40948 2f8a566 40947->40948 40949 2f8a3b1 __CRT_INIT@12 154 API calls 40948->40949 40949->40945 40950->40932 40952 2f8a43c 40951->40952 40953 2f8a3c0 40951->40953 40955 2f8a442 40952->40955 40956 2f8a473 40952->40956 41020 2f8a68a HeapCreate 40953->41020 40960 2f8a3cb 40955->40960 40967 2f8a45d 40955->40967 41031 2f88f0a 67 API calls _doexit 40955->41031 40957 2f8a478 40956->40957 40958 2f8a4d1 40956->40958 41034 2f8d5c6 TlsGetValue 40957->41034 40958->40960 41055 2f8d8e0 79 API calls 2 library calls 40958->41055 40960->40944 40962 2f8a3d2 41022 2f8d94e 76 API calls 8 library calls 40962->41022 40967->40960 41032 2f90145 68 API calls __setenvp 40967->41032 40969 2f8a3d7 __RTC_Initialize 40972 2f8a3db 40969->40972 40979 2f8a3e7 GetCommandLineA 40969->40979 40971 2f8a489 40971->40960 41040 2f8d54b 6 API calls __crt_waiting_on_module_handle 40971->41040 41023 2f8a6ba VirtualFree HeapFree HeapFree HeapDestroy 40972->41023 40973 2f8a467 41033 2f8d5fa 7 API calls __decode_pointer 40973->41033 40977 2f8a3e0 40977->40960 41024 2f91c71 76 API calls 3 library calls 40979->41024 40980 2f8a4a7 40986 2f8a4ae 40980->40986 40987 2f8a4c5 40980->40987 40983 2f8a3f7 41025 2f8fef1 72 API calls 3 library calls 40983->41025 40985 2f8a401 40988 2f8a405 40985->40988 41027 2f91bb6 112 API calls 3 library calls 40985->41027 41041 2f8d637 67 API calls 5 library calls 40986->41041 41042 2f88722 40987->41042 41026 2f8d5fa 7 API calls __decode_pointer 40988->41026 40993 2f8a4b5 GetCurrentThreadId 40993->40960 40994 2f8a411 40995 2f8a425 40994->40995 41028 2f9193e 111 API calls 6 library calls 40994->41028 40995->40977 41030 2f90145 68 API calls __setenvp 40995->41030 40998 2f8a41a 40998->40995 41029 2f88d2d 74 API calls 5 library calls 40998->41029 41001 2f7a8b0 41000->41001 41005 2f7a812 ___DllMainCRTStartup 41000->41005 41135 2f7c35d 118 API calls 4 library calls 41001->41135 41003 2f7a8b8 41004 2f7a817 ___DllMainCRTStartup 41003->41004 41004->40943 41005->41004 41017 2f7a895 41005->41017 41131 2f7dae1 GetCurrentProcess GetCurrentProcess VirtualQuery ___DllMainCRTStartup 41005->41131 41008 2f7a850 41009 2f7a897 41008->41009 41010 2f7a85f 41008->41010 41008->41017 41011 2f7a8a0 41009->41011 41009->41017 41012 2f7a87c 41010->41012 41013 2f7a86b 41010->41013 41134 2f7da6f GetCurrentProcess GetCurrentProcess UnmapViewOfFile ___DllMainCRTStartup 41011->41134 41132 2f7d492 GetCurrentProcess VirtualFree ___DllMainCRTStartup 41012->41132 41015 2f7a873 HeapDestroy 41013->41015 41013->41017 41015->41017 41061 2f7131c 41017->41061 41018 2f7a887 41018->41017 41133 2f7d492 GetCurrentProcess VirtualFree ___DllMainCRTStartup 41018->41133 41021 2f8a3c6 41020->41021 41021->40960 41021->40962 41022->40969 41023->40977 41024->40983 41025->40985 41027->40994 41028->40998 41029->40995 41030->40988 41031->40967 41032->40973 41035 2f8d5db 41034->41035 41036 2f8a47d 41034->41036 41056 2f8d54b 6 API calls __crt_waiting_on_module_handle 41035->41056 41039 2f91852 67 API calls __calloc_impl 41036->41039 41038 2f8d5e6 TlsSetValue 41038->41036 41039->40971 41040->40980 41041->40993 41044 2f8872e ___DllMainCRTStartup 41042->41044 41043 2f887a7 __dosmaperr ___DllMainCRTStartup 41043->40977 41044->41043 41054 2f8876d 41044->41054 41057 2f8a8aa 67 API calls 2 library calls 41044->41057 41046 2f88782 HeapFree 41046->41043 41047 2f88794 41046->41047 41060 2f8a641 67 API calls __getptd_noexit 41047->41060 41049 2f88799 GetLastError 41049->41043 41050 2f88745 ___sbh_find_block 41051 2f8875f 41050->41051 41058 2f8a90d VirtualFree VirtualFree HeapFree __VEC_memcpy ___sbh_free_block 41050->41058 41059 2f88778 LeaveCriticalSection _doexit 41051->41059 41054->41043 41054->41046 41055->40960 41056->41038 41057->41050 41058->41051 41059->41054 41060->41049 41136 2f781bc 41061->41136 41063 2f71332 ___DllMainCRTStartup 41143 2f887ff 41063->41143 41065 2f713b7 ___DllMainCRTStartup 41161 2f7cb1c 41065->41161 41071 2f7140b 41072 2f7ea37 ___DllMainCRTStartup 72 API calls 41071->41072 41073 2f7141d 41072->41073 41189 2f7386e 41073->41189 41075 2f71425 41076 2f71429 41075->41076 41078 2f7142e ___DllMainCRTStartup 41075->41078 41289 2f7de47 85 API calls ___DllMainCRTStartup 41076->41289 41079 2f71443 41078->41079 41080 2f71448 41078->41080 41290 2f7de47 85 API calls ___DllMainCRTStartup 41079->41290 41194 2f738cc 41080->41194 41084 2f71456 41200 2f73927 41084->41200 41085 2f71451 41291 2f7de47 85 API calls ___DllMainCRTStartup 41085->41291 41089 2f7145f 41292 2f7de47 85 API calls ___DllMainCRTStartup 41089->41292 41091 2f71464 ___DllMainCRTStartup 41092 2f887ff _malloc 67 API calls 41091->41092 41093 2f7148b 41092->41093 41094 2f71496 41093->41094 41095 2f7149b ___DllMainCRTStartup 41093->41095 41293 2f7de47 85 API calls ___DllMainCRTStartup 41094->41293 41097 2f7ea37 ___DllMainCRTStartup 72 API calls 41095->41097 41098 2f714ae ___DllMainCRTStartup 41097->41098 41212 2f78060 GetACP GetOEMCP 41098->41212 41100 2f716ac 41307 2f7cea0 67 API calls __setenvp 41100->41307 41102 2f716b5 41104 2f88722 __setenvp 67 API calls 41102->41104 41103 2f88956 103 API calls __snprintf 41123 2f714c0 ___DllMainCRTStartup 41103->41123 41105 2f716be 41104->41105 41308 2f7de47 85 API calls ___DllMainCRTStartup 41105->41308 41106 2f7cdfa 68 API calls ___DllMainCRTStartup 41106->41123 41108 2f716c4 41108->41004 41116 2f7386e ___DllMainCRTStartup GetLocalTime 41116->41123 41123->41100 41123->41103 41123->41106 41123->41116 41128 2f715d3 41123->41128 41249 2f7273c 41123->41249 41261 2f72e3d 41123->41261 41268 2f78fa1 41123->41268 41278 2f72874 41123->41278 41281 2f754a0 41123->41281 41294 2f76072 67 API calls 7 library calls 41123->41294 41295 2f7bcc5 127 API calls 4 library calls 41123->41295 41296 2f7a36c htonl htonl _memset ___DllMainCRTStartup 41123->41296 41304 2f7300f 41123->41304 41124 2f7386e ___DllMainCRTStartup GetLocalTime 41124->41128 41127 2f72874 ___DllMainCRTStartup 3 API calls 41127->41128 41128->41123 41128->41124 41128->41127 41129 2f7273c ___DllMainCRTStartup 8 API calls 41128->41129 41297 2f74f55 141 API calls 2 library calls 41128->41297 41298 2f77853 129 API calls ___DllMainCRTStartup 41128->41298 41299 2f77017 135 API calls 4 library calls 41128->41299 41300 2f72fb7 126 API calls ___DllMainCRTStartup 41128->41300 41301 2f72962 115 API calls 3 library calls 41128->41301 41302 2f7de47 85 API calls ___DllMainCRTStartup 41128->41302 41303 2f7de47 85 API calls ___DllMainCRTStartup 41128->41303 41129->41128 41131->41008 41132->41018 41133->41017 41134->41017 41135->41003 41137 2f887ff _malloc 67 API calls 41136->41137 41138 2f781c7 41137->41138 41139 2f887ff _malloc 67 API calls 41138->41139 41142 2f781e4 _memset ___DllMainCRTStartup 41138->41142 41140 2f781d7 41139->41140 41141 2f88722 __setenvp 67 API calls 41140->41141 41140->41142 41141->41142 41142->41063 41144 2f888b2 41143->41144 41153 2f88811 41143->41153 41316 2f8b77f 6 API calls __decode_pointer 41144->41316 41146 2f888b8 41317 2f8a641 67 API calls __getptd_noexit 41146->41317 41151 2f8886e RtlAllocateHeap 41151->41153 41153->41151 41154 2f88822 41153->41154 41155 2f8889e 41153->41155 41158 2f888a3 41153->41158 41160 2f888aa 41153->41160 41312 2f887b0 67 API calls 4 library calls 41153->41312 41313 2f8b77f 6 API calls __decode_pointer 41153->41313 41154->41153 41309 2f8b737 67 API calls 2 library calls 41154->41309 41310 2f8b58c 67 API calls 7 library calls 41154->41310 41311 2f88cc2 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 41154->41311 41314 2f8a641 67 API calls __getptd_noexit 41155->41314 41315 2f8a641 67 API calls __getptd_noexit 41158->41315 41160->41065 41318 2f89e8e GetSystemTimeAsFileTime 41161->41318 41163 2f7cb2d 41320 2f88c0a 41163->41320 41165 2f7cb33 41165->41165 41166 2f887ff _malloc 67 API calls 41165->41166 41167 2f7cb76 _memset _memcpy_s 41166->41167 41323 2f8a0d5 41167->41323 41169 2f7cbe2 41170 2f8a0d5 _strtok 67 API calls 41169->41170 41173 2f713f0 41170->41173 41171 2f7cbb9 41171->41169 41172 2f8a0d5 _strtok 67 API calls 41171->41172 41172->41171 41174 2f75c3e 41173->41174 41175 2f89e8e __time64 GetSystemTimeAsFileTime 41174->41175 41176 2f75c50 41175->41176 41177 2f88c0a ___DllMainCRTStartup 67 API calls 41176->41177 41178 2f75c57 ___DllMainCRTStartup 41177->41178 41361 2f75cc4 41178->41361 41181 2f7ea37 41182 2f7ea50 41181->41182 41187 2f7ea63 _memset 41181->41187 41183 2f7ea65 41182->41183 41184 2f7ea59 41182->41184 41372 2f8a196 72 API calls 12 library calls 41183->41372 41185 2f887ff _malloc 67 API calls 41184->41185 41185->41187 41187->41071 41188 2f7ea72 41188->41187 41190 2f7387c ___DllMainCRTStartup 41189->41190 41191 2f73882 GetLocalTime 41190->41191 41192 2f73880 41190->41192 41193 2f73894 ___DllMainCRTStartup 41191->41193 41192->41075 41193->41075 41195 2f738d7 ___DllMainCRTStartup 41194->41195 41199 2f7144d 41195->41199 41373 2f7c0d3 103 API calls ___DllMainCRTStartup 41195->41373 41197 2f7390f 41374 2f7c0fd 103 API calls 4 library calls 41197->41374 41199->41084 41199->41085 41201 2f7393e ___DllMainCRTStartup 41200->41201 41202 2f73980 htonl htonl 41201->41202 41211 2f7145b 41201->41211 41203 2f739a0 41202->41203 41202->41211 41204 2f887ff _malloc 67 API calls 41203->41204 41205 2f739a9 _memcpy_s ___DllMainCRTStartup 41204->41205 41208 2f739f3 _memset 41205->41208 41375 2f7c0d3 103 API calls ___DllMainCRTStartup 41205->41375 41207 2f739e1 41376 2f7c0fd 103 API calls 4 library calls 41207->41376 41210 2f88722 __setenvp 67 API calls 41208->41210 41210->41211 41211->41089 41211->41091 41377 2f7efea 41212->41377 41217 2f88c0a ___DllMainCRTStartup 67 API calls 41218 2f780b4 41217->41218 41389 2f71311 41218->41389 41220 2f780ba __RTC_InitBase 41221 2f780d3 GetCurrentProcess 41220->41221 41222 2f780cd 41220->41222 41447 2f74354 GetModuleHandleA GetProcAddress 41221->41447 41392 2f7e442 AllocateAndInitializeSid 41222->41392 41224 2f780df 41224->41222 41228 2f78103 41398 2f7242d 41228->41398 41231 2f7242d ___DllMainCRTStartup htonl 41232 2f7811f 41231->41232 41233 2f7242d ___DllMainCRTStartup htonl 41232->41233 41234 2f7812c 41233->41234 41402 2f723de htonl 41234->41402 41237 2f723de ___DllMainCRTStartup 2 API calls 41238 2f78141 41237->41238 41405 2f723fb htons 41238->41405 41246 2f78162 _memset _memcpy_s ___DllMainCRTStartup 41440 2f7bf60 41246->41440 41248 2f781a7 _memset 41248->41123 41589 2f7dec2 41249->41589 41251 2f72751 ___DllMainCRTStartup 41252 2f727bf InternetOpenA 41251->41252 41253 2f727cd InternetSetOptionA InternetSetOptionA InternetConnectA 41251->41253 41252->41253 41255 2f7281f ___DllMainCRTStartup 41253->41255 41254 2f72858 41592 2f7dee3 41254->41592 41255->41254 41258 2f72836 InternetSetOptionA 41255->41258 41259 2f72844 ___DllMainCRTStartup 41258->41259 41260 2f7284d InternetSetOptionA 41259->41260 41260->41254 41262 2f7dec2 ___DllMainCRTStartup RevertToSelf 41261->41262 41263 2f72e46 41262->41263 41595 2f72c3f 41263->41595 41266 2f7dee3 ___DllMainCRTStartup ImpersonateLoggedOnUser 41267 2f72e5e 41266->41267 41267->41123 41644 2f78b1a 41268->41644 41271 2f78fb9 41672 2f78e51 41271->41672 41274 2f78fc2 GetTickCount 41274->41271 41275 2f78fc8 41274->41275 41683 2f78db3 72 API calls __setenvp 41275->41683 41277 2f78fcd 41277->41123 41279 2f7dec2 ___DllMainCRTStartup RevertToSelf 41278->41279 41280 2f7287a InternetCloseHandle InternetCloseHandle 41279->41280 41283 2f754ac ___DllMainCRTStartup 41281->41283 41282 2f754f8 Sleep 41288 2f754d5 41282->41288 41283->41282 41284 2f754d0 41283->41284 41693 2f75519 153 API calls 2 library calls 41283->41693 41694 2f75657 77 API calls 2 library calls 41284->41694 41287 2f754c7 41287->41282 41287->41284 41288->41123 41289->41078 41290->41080 41291->41084 41292->41091 41293->41095 41294->41123 41295->41123 41296->41123 41297->41128 41298->41128 41299->41128 41300->41128 41301->41128 41302->41123 41303->41123 41305 2f7efea ___DllMainCRTStartup 5 API calls 41304->41305 41306 2f7301e 41305->41306 41306->41123 41307->41102 41308->41108 41309->41154 41310->41154 41312->41153 41313->41153 41314->41158 41315->41160 41316->41146 41317->41160 41319 2f89ebe __aulldiv 41318->41319 41319->41163 41328 2f8d797 41320->41328 41324 2f8d797 __getptd 67 API calls 41323->41324 41325 2f8a0f8 41324->41325 41352 2f90331 41325->41352 41327 2f8a194 41327->41171 41333 2f8d71e GetLastError 41328->41333 41330 2f8d79f 41331 2f88c14 41330->41331 41348 2f88c6e 67 API calls 3 library calls 41330->41348 41331->41165 41334 2f8d5c6 ___set_flsgetvalue 8 API calls 41333->41334 41335 2f8d735 41334->41335 41336 2f8d78b SetLastError 41335->41336 41337 2f8d73d 41335->41337 41336->41330 41349 2f91852 67 API calls __calloc_impl 41337->41349 41339 2f8d749 41339->41336 41350 2f8d54b 6 API calls __crt_waiting_on_module_handle 41339->41350 41341 2f8d763 41342 2f8d76a 41341->41342 41343 2f8d782 41341->41343 41351 2f8d637 67 API calls 5 library calls 41342->41351 41345 2f88722 __setenvp 64 API calls 41343->41345 41347 2f8d788 41345->41347 41346 2f8d772 GetCurrentThreadId 41346->41336 41347->41336 41348->41331 41349->41339 41350->41341 41351->41346 41353 2f90339 41352->41353 41354 2f9033b IsDebuggerPresent 41352->41354 41353->41327 41360 2f92865 41354->41360 41357 2f941bf SetUnhandledExceptionFilter UnhandledExceptionFilter 41358 2f941dc __invoke_watson 41357->41358 41359 2f941e4 GetCurrentProcess TerminateProcess 41357->41359 41358->41359 41359->41327 41360->41357 41362 2f75cd6 ___DllMainCRTStartup 41361->41362 41363 2f713f9 41361->41363 41370 2f78293 htons 41362->41370 41363->41181 41365 2f75cee 41365->41363 41366 2f887ff _malloc 67 API calls 41365->41366 41367 2f7ea37 ___DllMainCRTStartup 72 API calls 41365->41367 41369 2f78489 htons ___DllMainCRTStartup 41365->41369 41371 2f78293 htons 41365->41371 41366->41365 41367->41365 41369->41365 41370->41365 41371->41365 41372->41188 41373->41197 41374->41199 41375->41207 41376->41208 41448 2f7ef82 CryptAcquireContextA 41377->41448 41380 2f78090 41382 2f7becf 41380->41382 41383 2f7bee1 ___DllMainCRTStartup 41382->41383 41455 2f81270 41383->41455 41386 2f7befd ___DllMainCRTStartup 41388 2f78099 GetCurrentProcessId GetTickCount 41386->41388 41461 2f97320 41386->41461 41466 2f88ede 67 API calls _doexit 41386->41466 41388->41217 41390 2f7300f ___DllMainCRTStartup 5 API calls 41389->41390 41391 2f71316 41390->41391 41391->41220 41393 2f7e482 CheckTokenMembership 41392->41393 41394 2f780ed 41392->41394 41395 2f7e497 FreeSid 41393->41395 41396 2f7e494 41393->41396 41397 2f723a9 htonl htonl 41394->41397 41395->41394 41396->41395 41397->41228 41399 2f7245e 41398->41399 41400 2f7243c _memcpy_s 41398->41400 41399->41231 41401 2f7244a htonl 41400->41401 41401->41399 41403 2f7242d ___DllMainCRTStartup htonl 41402->41403 41404 2f723f8 GetCurrentProcessId 41403->41404 41404->41237 41406 2f7242d ___DllMainCRTStartup htonl 41405->41406 41407 2f72418 41406->41407 41408 2f7241b 41407->41408 41409 2f7242d ___DllMainCRTStartup htonl 41408->41409 41410 2f7242a 41409->41410 41411 2f77f09 41410->41411 41412 2f781bc ___DllMainCRTStartup 67 API calls 41411->41412 41413 2f77f1c ___DllMainCRTStartup 41412->41413 41414 2f77f5e GetUserNameA GetComputerNameA 41413->41414 41468 2f72f10 41414->41468 41417 2f77f9c _strrchr 41418 2f77fb9 GetVersionExA 41417->41418 41419 2f7241b ___DllMainCRTStartup htonl 41418->41419 41420 2f77fd6 41419->41420 41421 2f7241b ___DllMainCRTStartup htonl 41420->41421 41422 2f77fe1 41421->41422 41423 2f723fb ___DllMainCRTStartup 2 API calls 41422->41423 41424 2f77fec 41423->41424 41425 2f723de ___DllMainCRTStartup 2 API calls 41424->41425 41426 2f77ff4 41425->41426 41427 2f723de ___DllMainCRTStartup 2 API calls 41426->41427 41428 2f78000 41427->41428 41429 2f723de ___DllMainCRTStartup 2 API calls 41428->41429 41430 2f7800c 41429->41430 41431 2f723de ___DllMainCRTStartup 2 API calls 41430->41431 41432 2f78015 41431->41432 41471 2f88956 41432->41471 41435 2f7242d ___DllMainCRTStartup htonl 41436 2f78051 41435->41436 41486 2f78207 41436->41486 41439 2f72468 htonl 41439->41246 41441 2f7bf71 ___DllMainCRTStartup 41440->41441 41443 2f7bf9d 41441->41443 41511 2f80cd9 41441->41511 41446 2f7bfc8 41443->41446 41535 2f811a5 41443->41535 41539 2f88ede 67 API calls _doexit 41443->41539 41446->41248 41447->41224 41449 2f7efc2 CryptGenRandom 41448->41449 41450 2f7efab CryptAcquireContextA 41448->41450 41452 2f7efd7 CryptReleaseContext 41449->41452 41453 2f7efe6 41449->41453 41450->41449 41451 2f7efbe 41450->41451 41451->41380 41454 2f7ef0c GetSystemTimeAsFileTime _clock 41451->41454 41452->41451 41453->41452 41454->41380 41456 2f8127b ___DllMainCRTStartup 41455->41456 41457 2f8128f 41456->41457 41458 2f887ff _malloc 67 API calls 41456->41458 41457->41386 41459 2f8129e 41458->41459 41459->41457 41460 2f88722 __setenvp 67 API calls 41459->41460 41460->41457 41464 2f97344 ___DllMainCRTStartup 41461->41464 41463 2f97b1f 41463->41386 41465 2f97960 41464->41465 41467 2f98df9 28 API calls _RTC_Failure 41464->41467 41465->41386 41466->41386 41467->41463 41492 2f72f1b 41468->41492 41472 2f88983 41471->41472 41473 2f88966 41471->41473 41474 2f889af 41472->41474 41476 2f88992 41472->41476 41505 2f8a641 67 API calls __getptd_noexit 41473->41505 41509 2f8b90b 103 API calls 14 library calls 41474->41509 41507 2f8a641 67 API calls __getptd_noexit 41476->41507 41477 2f8896b 41506 2f8c5da 6 API calls 2 library calls 41477->41506 41481 2f88997 41508 2f8c5da 6 API calls 2 library calls 41481->41508 41482 2f889dd 41484 2f7802d 41482->41484 41510 2f8b7a7 101 API calls 7 library calls 41482->41510 41484->41435 41487 2f78215 ___DllMainCRTStartup 41486->41487 41488 2f88722 __setenvp 67 API calls 41487->41488 41489 2f7821c 41488->41489 41490 2f88722 __setenvp 67 API calls 41489->41490 41491 2f7805a 41490->41491 41491->41439 41499 2f72e6e 41492->41499 41494 2f72f36 WSASocketA 41495 2f72f50 WSAIoctl 41494->41495 41496 2f72f18 GetModuleFileNameA 41494->41496 41497 2f72f74 closesocket 41495->41497 41496->41417 41497->41496 41500 2f72e83 WSAStartup 41499->41500 41503 2f72ea5 ___DllMainCRTStartup 41499->41503 41501 2f72e99 WSACleanup 41500->41501 41500->41503 41504 2f88ede 67 API calls _doexit 41501->41504 41503->41494 41504->41503 41505->41477 41507->41481 41509->41482 41510->41484 41540 2f8199b 41511->41540 41517 2f80dd8 41518 2f80e67 41517->41518 41521 2f80de3 41517->41521 41519 2f88722 __setenvp 67 API calls 41518->41519 41520 2f80e6f 41519->41520 41553 2f81e70 67 API calls 3 library calls 41520->41553 41552 2f81e70 67 API calls 3 library calls 41521->41552 41524 2f80e85 41530 2f80f39 41524->41530 41531 2f80ea6 41524->41531 41534 2f80d49 ___DllMainCRTStartup 41524->41534 41525 2f80e41 41526 2f80e59 41525->41526 41527 2f80e4e 41525->41527 41528 2f88722 __setenvp 67 API calls 41526->41528 41529 2f88722 __setenvp 67 API calls 41527->41529 41528->41534 41529->41534 41530->41534 41555 2f81e70 67 API calls 3 library calls 41530->41555 41531->41534 41554 2f81e70 67 API calls 3 library calls 41531->41554 41534->41443 41536 2f811b5 ___DllMainCRTStartup 41535->41536 41538 2f811d6 41536->41538 41580 2f81f72 41536->41580 41538->41443 41539->41443 41541 2f80d29 41540->41541 41542 2f819a9 41540->41542 41541->41534 41544 2f96990 41541->41544 41542->41541 41556 2f83ef7 41542->41556 41559 2f9611c 41544->41559 41546 2f969aa 41550 2f80d40 41546->41550 41572 2f8a641 67 API calls __getptd_noexit 41546->41572 41548 2f969bd 41548->41550 41573 2f8a641 67 API calls __getptd_noexit 41548->41573 41550->41534 41551 2f81a0c 5 API calls ___DllMainCRTStartup 41550->41551 41551->41517 41552->41525 41553->41524 41554->41534 41555->41534 41557 2f887ff _malloc 67 API calls 41556->41557 41558 2f83f03 41557->41558 41558->41542 41560 2f96128 ___DllMainCRTStartup 41559->41560 41561 2f9615f _memset 41560->41561 41562 2f96140 41560->41562 41565 2f961d1 RtlAllocateHeap 41561->41565 41569 2f96155 ___DllMainCRTStartup 41561->41569 41576 2f8a8aa 67 API calls 2 library calls 41561->41576 41577 2f8b0bc 5 API calls 2 library calls 41561->41577 41578 2f96218 LeaveCriticalSection _doexit 41561->41578 41579 2f8b77f 6 API calls __decode_pointer 41561->41579 41574 2f8a641 67 API calls __getptd_noexit 41562->41574 41564 2f96145 41575 2f8c5da 6 API calls 2 library calls 41564->41575 41565->41561 41569->41546 41572->41548 41573->41550 41574->41564 41576->41561 41577->41561 41578->41561 41579->41561 41581 2f81f7f ___DllMainCRTStartup 41580->41581 41582 2f81fa2 _memcpy_s 41581->41582 41586 2f81165 41581->41586 41582->41538 41583 2f81fcf 41583->41582 41584 2f81165 5 API calls 41583->41584 41584->41583 41587 2f7efea ___DllMainCRTStartup 5 API calls 41586->41587 41588 2f81173 41587->41588 41588->41583 41590 2f7ded1 41589->41590 41591 2f7decb RevertToSelf 41589->41591 41590->41251 41591->41590 41593 2f7285d 41592->41593 41594 2f7deec ImpersonateLoggedOnUser 41592->41594 41593->41123 41594->41593 41596 2f72c85 _memset 41595->41596 41634 2f79c49 41596->41634 41598 2f72c95 41599 2f88956 __snprintf 103 API calls 41598->41599 41600 2f72cac ___DllMainCRTStartup 41599->41600 41638 2f795f6 41600->41638 41602 2f72cce 41603 2f72d01 41602->41603 41604 2f75eec ___DllMainCRTStartup 103 API calls 41602->41604 41606 2f72d2d 41603->41606 41607 2f72d1d 41603->41607 41605 2f72ceb 41604->41605 41608 2f75fb6 ___DllMainCRTStartup 103 API calls 41605->41608 41610 2f88956 __snprintf 103 API calls 41606->41610 41609 2f88956 __snprintf 103 API calls 41607->41609 41608->41603 41611 2f72d28 ___DllMainCRTStartup 41609->41611 41610->41611 41612 2f72d62 HttpOpenRequestA 41611->41612 41613 2f728bc ___DllMainCRTStartup InternetQueryOptionA InternetSetOptionA InternetSetStatusCallback 41612->41613 41614 2f72d77 HttpSendRequestA 41613->41614 41616 2f79cc6 ___DllMainCRTStartup 67 API calls 41614->41616 41617 2f72da0 41616->41617 41618 2f7291b ___DllMainCRTStartup HttpQueryInfoA 41617->41618 41619 2f72da6 41618->41619 41620 2f72dab 41619->41620 41621 2f72db9 InternetQueryDataAvailable 41619->41621 41622 2f72dae InternetCloseHandle 41620->41622 41623 2f72e2e InternetCloseHandle 41621->41623 41624 2f72dca 41621->41624 41625 2f72e38 41622->41625 41623->41625 41624->41623 41626 2f72dd2 41624->41626 41625->41266 41626->41620 41626->41622 41627 2f72ddb InternetReadFile 41626->41627 41628 2f72e08 41627->41628 41629 2f72df8 41627->41629 41628->41620 41630 2f72e0d InternetCloseHandle 41628->41630 41629->41627 41629->41628 41631 2f72e1f ___DllMainCRTStartup 41630->41631 41632 2f79afe ___DllMainCRTStartup 68 API calls 41631->41632 41633 2f72e2a 41632->41633 41633->41625 41635 2f79c58 41634->41635 41636 2f781bc ___DllMainCRTStartup 67 API calls 41635->41636 41637 2f79c6f ___DllMainCRTStartup 41636->41637 41637->41598 41641 2f7961c _memset _memcpy_s ___DllMainCRTStartup 41638->41641 41642 2f78250 htonl 41641->41642 41643 2f78426 htonl _memcpy_s ___DllMainCRTStartup 41641->41643 41642->41641 41643->41641 41645 2f78da4 GetTickCount 41644->41645 41654 2f78b43 41644->41654 41645->41271 41646 2f78b52 htonl select 41647 2f78bca __WSAFDIsSet 41646->41647 41646->41654 41648 2f78be1 accept ioctlsocket 41647->41648 41647->41654 41652 2f78da6 closesocket 41648->41652 41671 2f78c0b ___DllMainCRTStartup 41648->41671 41649 2f78c7f __WSAFDIsSet 41653 2f78c96 accept 41649->41653 41649->41654 41650 2f78ce4 __WSAFDIsSet 41650->41654 41655 2f78cf1 __WSAFDIsSet 41650->41655 41651 2f78d0b __WSAFDIsSet 41651->41654 41656 2f78d14 __WSAFDIsSet 41651->41656 41652->41645 41688 2f77e11 ioctlsocket 41653->41688 41654->41645 41654->41646 41654->41649 41654->41650 41654->41651 41689 2f775e5 126 API calls 3 library calls 41654->41689 41691 2f712d0 126 API calls ___DllMainCRTStartup 41654->41691 41655->41654 41658 2f78d75 GetTickCount 41655->41658 41656->41654 41659 2f78d27 __WSAFDIsSet 41656->41659 41658->41654 41659->41658 41661 2f78d3a accept 41659->41661 41664 2f78d54 41661->41664 41690 2f712d0 126 API calls ___DllMainCRTStartup 41664->41690 41667 2f78d68 closesocket 41667->41654 41668 2f7171b htonl ___DllMainCRTStartup 41668->41671 41671->41654 41671->41668 41684 2f78520 68 API calls _malloc 41671->41684 41685 2f716cb 67 API calls 2 library calls 41671->41685 41686 2f712d0 126 API calls ___DllMainCRTStartup 41671->41686 41687 2f71864 67 API calls 2 library calls 41671->41687 41673 2f78e7a 41672->41673 41674 2f78e70 41672->41674 41675 2f78f99 41673->41675 41677 2f78ea1 htonl recvfrom 41673->41677 41678 2f78f0e htonl ioctlsocket 41673->41678 41680 2f78f40 41673->41680 41681 2f712d0 126 API calls ___DllMainCRTStartup 41673->41681 41676 2f887ff _malloc 67 API calls 41674->41676 41675->41274 41675->41275 41676->41673 41677->41673 41679 2f78edb WSAGetLastError 41677->41679 41678->41673 41679->41673 41680->41673 41692 2f784d4 recv shutdown closesocket 41680->41692 41681->41673 41683->41277 41684->41671 41685->41671 41686->41671 41687->41671 41688->41654 41689->41654 41690->41667 41691->41654 41692->41680 41693->41287 41694->41288

                                                                              Executed Functions

                                                                              Function 02F77F09 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781C2
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781D2
                                                                              • GetUserNameA.ADVAPI32(?,?), ref: 02F77F6E
                                                                              • GetComputerNameA.KERNEL32(?,?), ref: 02F77F7E
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000100,?,?,?,?,?,?,?,?,?,00000000), ref: 02F77F92
                                                                              • _strrchr.LIBCMT ref: 02F77FA1
                                                                              • GetVersionExA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 02F77FBC
                                                                              • __snprintf.LIBCMT ref: 02F78028
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Name$_malloc$ComputerFileModuleUserVersion__snprintf_strrchr
                                                                              • String ID: %s%s%s
                                                                              • API String ID: 1877169212-1891519693
                                                                              • Opcode ID: 9e04ac3773871c0be354fd3f6cd7a958e5a8f37997959e641696fdb20ddeb214
                                                                              • Instruction ID: cb97fdcf9433a3712b3dbb869e8e91f2b0543c64e669e9d79372ba71805f13e0
                                                                              • Opcode Fuzzy Hash: 9e04ac3773871c0be354fd3f6cd7a958e5a8f37997959e641696fdb20ddeb214
                                                                              • Instruction Fuzzy Hash: 4A41C071D00209AFDF01AFA4ED49DBEBFB6EF047C0F10446AEA00A6250DB719A50EF60
                                                                              Function 02F78E51 Relevance: 9.1, APIs: 6, Instructions: 113networkCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 318 2f78e51-2f78e6e 319 2f78e80-2f78e82 318->319 320 2f78e70-2f78e75 call 2f887ff 318->320 321 2f78f99-2f78fa0 319->321 322 2f78e88 319->322 325 2f78e7a-2f78e7b 320->325 324 2f78e8d-2f78e91 322->324 326 2f78e97-2f78e9f 324->326 327 2f78f8e-2f78f93 324->327 325->319 328 2f78ea1-2f78ed9 htonl recvfrom 326->328 329 2f78f0e-2f78f30 htonl ioctlsocket 326->329 327->321 327->324 330 2f78ef2-2f78ef4 328->330 331 2f78edb-2f78ee6 WSAGetLastError 328->331 332 2f78f35-2f78f38 329->332 333 2f78f32 329->333 330->327 335 2f78efa-2f78f0c 330->335 331->327 334 2f78eec-2f78ef0 331->334 336 2f78f5a-2f78f5b 332->336 337 2f78f3a-2f78f3e 332->337 333->332 338 2f78f5c-2f78f6e call 2f712d0 334->338 339 2f78f83-2f78f8b call 2f712d0 335->339 336->338 337->327 340 2f78f40-2f78f58 call 2f784d4 337->340 338->327 339->327 340->336 347 2f78f70-2f78f75 340->347 347->327 348 2f78f77-2f78f7d 347->348 348->339
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F78E75
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • htonl.WS2_32(?), ref: 02F78EA1
                                                                              • recvfrom.WS2_32(00000000,?,000FFFFC,00000000,?,?), ref: 02F78ED0
                                                                              • WSAGetLastError.WS2_32 ref: 02F78EDB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateErrorHeapLast_mallochtonlrecvfrom
                                                                              • String ID:
                                                                              • API String ID: 987280018-0
                                                                              • Opcode ID: dbab37e7e9f08a534d7dff8276005f72752bd3b035bc310b575cde3304dcfae9
                                                                              • Instruction ID: a87bc41dd4a99eddf5fe6f810f2ebff7328de750d468fe6c626411760d8aca81
                                                                              • Opcode Fuzzy Hash: dbab37e7e9f08a534d7dff8276005f72752bd3b035bc310b575cde3304dcfae9
                                                                              • Instruction Fuzzy Hash: B541D371D00208EFEB219FA4EC48FAEB7B6EB443E5F14462AF711A6190D7709914EF50
                                                                              Function 02F7EF82 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44encryptionCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 349 2f7ef82-2f7efa9 CryptAcquireContextA 350 2f7efc2-2f7efd5 CryptGenRandom 349->350 351 2f7efab-2f7efbc CryptAcquireContextA 349->351 353 2f7efd7-2f7efe4 CryptReleaseContext 350->353 354 2f7efe6-2f7efe8 350->354 351->350 352 2f7efbe-2f7efc1 351->352 353->352 354->353
                                                                              APIs
                                                                              • CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000020,00000000,00000000,?,?,02F7EFF8,?,02F78090,?,02F78090,?), ref: 02F7EFA5
                                                                              • CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000028,?,?,02F7EFF8,?,02F78090,?,02F78090,?), ref: 02F7EFB8
                                                                              • CryptGenRandom.ADVAPI32(00000000,02F78090,?,?,?,02F7EFF8,?,02F78090,?,02F78090,?), ref: 02F7EFCC
                                                                              • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,02F7EFF8,?,02F78090,?,02F78090,?), ref: 02F7EFDC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Crypt$Context$Acquire$RandomRelease
                                                                              • String ID: Microsoft Base Cryptographic Provider v1.0
                                                                              • API String ID: 685801729-291530887
                                                                              • Opcode ID: e79271934cafc3f72c26382e4835109149c380cbec7e019635f8fd11fab60f84
                                                                              • Instruction ID: d7038dfadd0e6fcc2993fdf8b8ac51ca8666807e20159cfdbc495973ed9fa530
                                                                              • Opcode Fuzzy Hash: e79271934cafc3f72c26382e4835109149c380cbec7e019635f8fd11fab60f84
                                                                              • Instruction Fuzzy Hash: DFF04436E44218F7DF218751DD05FCEBB6CEB44B94F204092FA01E6190D771AA00DBA4
                                                                              Function 02F72C3F Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 186networkfileCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F72C80
                                                                              • __snprintf.LIBCMT ref: 02F72CA7
                                                                                • Part of subcall function 02F795F6: _memset.LIBCMT ref: 02F79617
                                                                              • __snprintf.LIBCMT ref: 02F72D23
                                                                              • __snprintf.LIBCMT ref: 02F72D3A
                                                                              • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,02FA1540,02FAFFC4), ref: 02F72D69
                                                                              • HttpSendRequestA.WININET(00000000,?,?,02F72E54,?), ref: 02F72D92
                                                                              • InternetCloseHandle.WININET(00000000), ref: 02F72DAF
                                                                                • Part of subcall function 02F75EEC: _memset.LIBCMT ref: 02F75EFC
                                                                                • Part of subcall function 02F75EEC: _memset.LIBCMT ref: 02F75F08
                                                                                • Part of subcall function 02F75EEC: __snprintf.LIBCMT ref: 02F75F59
                                                                                • Part of subcall function 02F75EEC: _memset.LIBCMT ref: 02F75F90
                                                                                • Part of subcall function 02F75EEC: _memset.LIBCMT ref: 02F75F9B
                                                                                • Part of subcall function 02F75FB6: _memset.LIBCMT ref: 02F75FC6
                                                                                • Part of subcall function 02F75FB6: _memset.LIBCMT ref: 02F75FD2
                                                                                • Part of subcall function 02F75FB6: __snprintf.LIBCMT ref: 02F7602E
                                                                                • Part of subcall function 02F75FB6: _memset.LIBCMT ref: 02F7604C
                                                                                • Part of subcall function 02F75FB6: _memset.LIBCMT ref: 02F76057
                                                                              • InternetQueryDataAvailable.WININET(00000000,02F7158B,00000000,00000000), ref: 02F72DC0
                                                                              • InternetReadFile.WININET(00000000,?,00001000,?), ref: 02F72DEE
                                                                              • InternetCloseHandle.WININET(00000000), ref: 02F72E0E
                                                                              • InternetCloseHandle.WININET(00000000), ref: 02F72E2F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$Internet__snprintf$CloseHandle$HttpRequest$AvailableDataFileOpenQueryReadSend
                                                                              • String ID: %s%s$*/*
                                                                              • API String ID: 2172916581-856325523
                                                                              • Opcode ID: aae935168cbf004c2c4c43f46715ce5dcf67855f38d1e48aefb60fb8a2c06071
                                                                              • Instruction ID: 7f3dea489ac7b9ff5b154e13671b6bab656fb6f1a4bab886fb5edc7e8108e745
                                                                              • Opcode Fuzzy Hash: aae935168cbf004c2c4c43f46715ce5dcf67855f38d1e48aefb60fb8a2c06071
                                                                              • Instruction Fuzzy Hash: 89519DB2D4011DBFDB12AFA4EC84DEEBBBEEB04794F00045AFA15A7150DB319955CB60
                                                                              Function 02F78060 Relevance: 12.1, APIs: 8, Instructions: 124COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetACP.KERNEL32(00000000,00000000,00000080,?,?,?,?,?,?,?,?,02F714C0,00000000,00000000), ref: 02F78069
                                                                              • GetOEMCP.KERNEL32(?,?,?,?,?,?,?,?,02F714C0,00000000,00000000), ref: 02F78075
                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,02F714C0,00000000), ref: 02F780A2
                                                                              • GetTickCount.KERNEL32 ref: 02F780A6
                                                                                • Part of subcall function 02F88C0A: __getptd.LIBCMT ref: 02F88C0F
                                                                              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,02F714C0,00000000), ref: 02F780D3
                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,02F714C0,00000000), ref: 02F78139
                                                                              • _memset.LIBCMT ref: 02F78170
                                                                              • _memset.LIBCMT ref: 02F781AF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentProcess$_memset$CountTick__getptd
                                                                              • String ID:
                                                                              • API String ID: 3908538216-0
                                                                              • Opcode ID: f5efcaab679e6fad1770d2f2995f4881e0fd426c2468ba4f7c7aad5d2777f947
                                                                              • Instruction ID: 58e01c67eef6edd4f3d406dc8c24b80766acd09df037b7a60cf0d4798eae16f8
                                                                              • Opcode Fuzzy Hash: f5efcaab679e6fad1770d2f2995f4881e0fd426c2468ba4f7c7aad5d2777f947
                                                                              • Instruction Fuzzy Hash: 9731D572D40208BADB11BBB5FC48E9EBBAE9F083D4F144467EB04A7181DE74D9549F60
                                                                              Function 02F7131C Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 308COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 149 2f7131c-2f71427 call 2f781bc call 2f78382 * 3 call 2f7c2f3 call 2f7c2dd call 2f7c2e8 call 2f7c2f3 * 2 call 2f887ff call 2f7c2e8 * 3 call 2f7c2dd call 2f7cb1c call 2f75c3e call 2f7ea37 * 2 call 2f7386e 188 2f7142e-2f71441 call 2f7c2e8 call 2f738b1 149->188 189 2f71429 call 2f7de47 149->189 195 2f71443 call 2f7de47 188->195 196 2f71448-2f7144f call 2f738cc 188->196 189->188 195->196 200 2f71456-2f7145d call 2f73927 196->200 201 2f71451 call 2f7de47 196->201 205 2f71464-2f71494 call 2f7c2dd call 2f7c2e8 call 2f887ff 200->205 206 2f7145f call 2f7de47 200->206 201->200 214 2f71496 call 2f7de47 205->214 215 2f7149b-2f714c6 call 2f7c2e8 call 2f7ea37 call 2f7c2e8 call 2f78060 205->215 206->205 214->215 225 2f714c7-2f714c8 215->225 226 2f714ce-2f7153e call 2f7cdfa call 2f88956 call 2f7cdfa call 2f88956 * 2 call 2f75c6a 225->226 227 2f716ac-2f716ca call 2f7cea0 call 2f88722 call 2f7de47 225->227 246 2f71540-2f71545 226->246 247 2f7155f-2f71592 call 2f7273c call 2f7c2e8 call 2f72e3d 226->247 249 2f71548-2f7154d 246->249 259 2f71594-2f715a2 call 2f7bcc5 247->259 260 2f715bd-2f715c0 247->260 249->249 250 2f7154f-2f71551 249->250 250->247 252 2f71553-2f7155e call 2f76072 250->252 252->247 268 2f715a4-2f715b0 call 2f7a36c 259->268 269 2f715b2-2f715b5 259->269 261 2f715c2 call 2f78fa1 260->261 262 2f71628 260->262 267 2f715c7-2f715d1 call 2f7c2e8 261->267 266 2f71630-2f7163c call 2f72874 call 2f7386e 262->266 280 2f71643-2f71657 call 2f7ce28 266->280 281 2f7163e call 2f7de47 266->281 278 2f715d3-2f715d8 267->278 279 2f715da 267->279 268->260 269->260 282 2f715df-2f715f6 call 2f74f55 call 2f77853 call 2f77017 call 2f7386e 278->282 279->282 288 2f7165e-2f71666 280->288 289 2f71659 call 2f7de47 280->289 281->280 308 2f715fd-2f71604 282->308 309 2f715f8 call 2f72fb7 282->309 288->227 292 2f71668-2f7166f 288->292 289->288 294 2f71671-2f7167f 292->294 295 2f7169a-2f7169b call 2f754a0 292->295 299 2f71692 294->299 300 2f71681-2f71690 call 2f7300f 294->300 303 2f716a0-2f716a7 295->303 302 2f71694-2f71696 299->302 300->302 302->295 306 2f71698 302->306 303->225 306->295 308->266 311 2f71606-2f71626 call 2f72874 call 2f7273c call 2f72962 308->311 309->308 311->266
                                                                              APIs
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781C2
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781D2
                                                                              • _malloc.LIBCMT ref: 02F713B2
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                                • Part of subcall function 02F7CB1C: __time64.LIBCMT ref: 02F7CB28
                                                                                • Part of subcall function 02F7CB1C: _malloc.LIBCMT ref: 02F7CB71
                                                                                • Part of subcall function 02F7CB1C: _memset.LIBCMT ref: 02F7CB8F
                                                                                • Part of subcall function 02F7CB1C: _strtok.LIBCMT ref: 02F7CBB4
                                                                                • Part of subcall function 02F7CB1C: _strtok.LIBCMT ref: 02F7CBE6
                                                                                • Part of subcall function 02F75C3E: __time64.LIBCMT ref: 02F75C4B
                                                                                • Part of subcall function 02F7EA37: _malloc.LIBCMT ref: 02F7EA5E
                                                                                • Part of subcall function 02F7EA37: _memset.LIBCMT ref: 02F7EA8C
                                                                                • Part of subcall function 02F7EA37: _realloc.LIBCMT ref: 02F7EA6D
                                                                              • _malloc.LIBCMT ref: 02F71486
                                                                              • __snprintf.LIBCMT ref: 02F714E8
                                                                              • __snprintf.LIBCMT ref: 02F71507
                                                                              • __snprintf.LIBCMT ref: 02F71525
                                                                                • Part of subcall function 02F7DE47: Sleep.KERNEL32(000003E8,00000000,00000000,00000080,02F716C4), ref: 02F7DE84
                                                                                • Part of subcall function 02F7DE47: ExitThread.KERNEL32 ref: 02F7DE8E
                                                                                • Part of subcall function 02F7273C: InternetOpenA.WININET(02F71572,00000003,00000000,00000000,00000000), ref: 02F727C2
                                                                                • Part of subcall function 02F7273C: InternetSetOptionA.WININET(00000005,0003A980,00000004), ref: 02F727E1
                                                                                • Part of subcall function 02F7273C: InternetSetOptionA.WININET(00000006,0003A980,00000004), ref: 02F727F1
                                                                                • Part of subcall function 02F7273C: InternetConnectA.WININET(?,?,00000000,00000000,00000003,00000000,02FAFFC4), ref: 02F72809
                                                                                • Part of subcall function 02F7273C: InternetSetOptionA.WININET(00000000,0000002B,00000000,00000000), ref: 02F7283A
                                                                                • Part of subcall function 02F7273C: InternetSetOptionA.WININET(0000002C,00000000,00000000), ref: 02F72856
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Internet_malloc$Option$__snprintf$__time64_memset_strtok$AllocateConnectExitHeapOpenSleepThread_realloc
                                                                              • String ID: /submit.php
                                                                              • API String ID: 3506699640-1804779596
                                                                              • Opcode ID: 62de4333f99b54ae9b0e2369f2f86231524ab2608abffce0b30dde16069e2230
                                                                              • Instruction ID: 9e22f8f378f0214ed850d5c757d3a8336fc924c3d52938196dfacc020e78b6a5
                                                                              • Opcode Fuzzy Hash: 62de4333f99b54ae9b0e2369f2f86231524ab2608abffce0b30dde16069e2230
                                                                              • Instruction Fuzzy Hash: 6A91E572A443016BE6217B749C05B2F76E7AF94BE4F04092FFB88A61D0DF71C9448E56
                                                                              Function 005B01BB Relevance: 6.1, APIs: 4, Instructions: 64networkmemoryfileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 355 5b01bb-5b01db InternetConnectA HttpOpenRequestA 356 5b01dc-5b01fe 355->356 359 5b0200-5b020d 356->359 360 5b0214-5b022b VirtualAlloc 356->360 359->356 362 5b020f call 5b025f 359->362 361 5b022d-5b023e InternetReadFile 360->361 361->362 363 5b0240-5b0246 361->363 362->360 363->361 365 5b0248-5b0249 363->365
                                                                              APIs
                                                                              • InternetConnectA.WININET(C69F8957,00000000,005B0250,00001E14,00000000,00000000,00000003,00000000,00000000,?,696E6977,0074656E), ref: 005B01C1
                                                                              • HttpOpenRequestA.WININET(3B2E55EB,00000000,00000000,005B0142,00000000,00000000,00000000,84E83200,00000000,?,696E6977,0074656E), ref: 005B01D6
                                                                              • VirtualAlloc.KERNELBASE(E553A458,00000000,00400000,00001000,00000040,?,00000004,00003380,?,696E6977,0074656E), ref: 005B0226
                                                                              • InternetReadFile.WININET(E2899612,00000000,00000000,00002000,?,00000000,00000000,?,00000004,00003380,?,696E6977,0074656E), ref: 005B023A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326164826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_5b0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Internet$AllocConnectFileHttpOpenReadRequestVirtual
                                                                              • String ID:
                                                                              • API String ID: 258568742-0
                                                                              • Opcode ID: 8222e1ed613a5004f83bfca5506e7cb4d7e87315635c2318f891edc763e5e0b3
                                                                              • Instruction ID: d5fac3c51d326059f5025ef250ddf2239ffeff000a2a9d20cfcc47d17be09132
                                                                              • Opcode Fuzzy Hash: 8222e1ed613a5004f83bfca5506e7cb4d7e87315635c2318f891edc763e5e0b3
                                                                              • Instruction Fuzzy Hash: 4C01ECE438135E3EF53112A69CCBFBB6D4CDB95BECF110010BB08AA0C1E990DC0484BA
                                                                              Function 02F72F1B Relevance: 4.6, APIs: 3, Instructions: 68networkCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 403 2f72f1b-2f72f4a call 2f72e6e WSASocketA 406 2f72f50-2f72f72 WSAIoctl 403->406 407 2f72f4c-2f72f4e 403->407 409 2f72f74-2f72f7e 406->409 410 2f72f80-2f72f84 406->410 408 2f72fb2-2f72fb6 407->408 409->410 411 2f72f86 410->411 412 2f72fa8-2f72faf closesocket 410->412 413 2f72f8c-2f72f91 411->413 412->408 414 2f72f93-2f72f96 413->414 415 2f72f98-2f72f9e 413->415 414->415 416 2f72fa2-2f72fa5 414->416 415->413 417 2f72fa0 415->417 416->412 417->412
                                                                              APIs
                                                                                • Part of subcall function 02F72E6E: WSAStartup.WS2_32(00000202,?), ref: 02F72E8F
                                                                                • Part of subcall function 02F72E6E: WSACleanup.WS2_32 ref: 02F72E99
                                                                              • WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 02F72F3F
                                                                              • WSAIoctl.WS2_32(00000000,4004747F,00000000,00000000,?,000005F0,?,00000000,00000000), ref: 02F72F6A
                                                                              • closesocket.WS2_32(00000000), ref: 02F72FA9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CleanupIoctlSocketStartupclosesocket
                                                                              • String ID:
                                                                              • API String ID: 1100289767-0
                                                                              • Opcode ID: f30efcab5d80e0c5e71f399ca65662fdd630f11ada82d2d75c6706c01a7e9ec4
                                                                              • Instruction ID: 7664c6655578d78793187995610c6883b9cbae093c1b94032876804e01920371
                                                                              • Opcode Fuzzy Hash: f30efcab5d80e0c5e71f399ca65662fdd630f11ada82d2d75c6706c01a7e9ec4
                                                                              • Instruction Fuzzy Hash: 9A11A371B411287BE7208A65DC49FEFBFADDB857E0F108026FE0996180D77088418AA0
                                                                              Function 02F781BC Relevance: 4.5, APIs: 3, Instructions: 35COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 418 2f781bc-2f781cc call 2f887ff 421 2f78204-2f78206 418->421 422 2f781ce-2f781d2 call 2f887ff 418->422 424 2f781d7-2f781dc 422->424 425 2f781de-2f781e7 call 2f88722 424->425 426 2f781e9-2f78201 call 2f90520 call 2f78237 424->426 432 2f78203 425->432 426->432 432->421
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F781C2
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • _malloc.LIBCMT ref: 02F781D2
                                                                              • _memset.LIBCMT ref: 02F781EF
                                                                                • Part of subcall function 02F88722: __lock.LIBCMT ref: 02F88740
                                                                                • Part of subcall function 02F88722: ___sbh_find_block.LIBCMT ref: 02F8874B
                                                                                • Part of subcall function 02F88722: ___sbh_free_block.LIBCMT ref: 02F8875A
                                                                                • Part of subcall function 02F88722: HeapFree.KERNEL32(00000000,00000000,02FA35A0,0000000C,02F8D788,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C), ref: 02F8878A
                                                                                • Part of subcall function 02F88722: GetLastError.KERNEL32(?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5,00000000,00000000,?,02F8D842,0000000D), ref: 02F8879B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Heap_malloc$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock_memset
                                                                              • String ID:
                                                                              • API String ID: 1561657895-0
                                                                              • Opcode ID: 21c09f07a7fc623b024758759923ff1919fe7979f59a699eda9de8700b3a409b
                                                                              • Instruction ID: 23139c58a2191e6ceffdde6fe2a454a5de4c391bc4718c9e6d60afcf44fca363
                                                                              • Opcode Fuzzy Hash: 21c09f07a7fc623b024758759923ff1919fe7979f59a699eda9de8700b3a409b
                                                                              • Instruction Fuzzy Hash: 8EE0923B60451D37DA22396A9C04F9F7E2BCF827F1F50402AFB085A140DF118901AAE5
                                                                              Function 02F78FA1 Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 434 2f78fa1-2f78fb3 call 2f78b1a GetTickCount 437 2f78fb9 call 2f78e51 434->437 439 2f78fbe-2f78fc0 437->439 440 2f78fc2-2f78fc6 GetTickCount 439->440 441 2f78fc8-2f78fd0 call 2f78db3 439->441 440->437 440->441
                                                                              APIs
                                                                                • Part of subcall function 02F78B1A: htonl.WS2_32(?), ref: 02F78B54
                                                                                • Part of subcall function 02F78B1A: select.WS2_32(00000000,?,?,?,?), ref: 02F78BB8
                                                                                • Part of subcall function 02F78B1A: __WSAFDIsSet.WS2_32(00000000,?), ref: 02F78BD4
                                                                                • Part of subcall function 02F78B1A: accept.WS2_32(00000000,00000000,00000000), ref: 02F78BE9
                                                                                • Part of subcall function 02F78B1A: ioctlsocket.WS2_32(00000000,8004667E,?), ref: 02F78BFC
                                                                              • GetTickCount.KERNEL32 ref: 02F78FAF
                                                                                • Part of subcall function 02F78E51: _malloc.LIBCMT ref: 02F78E75
                                                                                • Part of subcall function 02F78E51: htonl.WS2_32(?), ref: 02F78EA1
                                                                                • Part of subcall function 02F78E51: recvfrom.WS2_32(00000000,?,000FFFFC,00000000,?,?), ref: 02F78ED0
                                                                                • Part of subcall function 02F78E51: WSAGetLastError.WS2_32 ref: 02F78EDB
                                                                              • GetTickCount.KERNEL32 ref: 02F78FC2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTickhtonl$ErrorLast_mallocacceptioctlsocketrecvfromselect
                                                                              • String ID:
                                                                              • API String ID: 597769433-0
                                                                              • Opcode ID: 0d774244d0a3028f2b51a375d57fb299b9d84b91fc9c012912d2e77fa6da344f
                                                                              • Instruction ID: cac96998e3cba28748de99df0c617390e1feae32d7a1ff75e37c88e2cf11fa34
                                                                              • Opcode Fuzzy Hash: 0d774244d0a3028f2b51a375d57fb299b9d84b91fc9c012912d2e77fa6da344f
                                                                              • Instruction Fuzzy Hash: FAD0A902B1002441A10033BAAC080AEAA8B8DC12F43381833D601C3200EE64A8823EB2
                                                                              Function 02F80CD9 Relevance: 1.8, APIs: 1, Instructions: 257COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 444 2f80cd9-2f80d2e call 2f8199b 447 2f80e63-2f80e66 444->447 448 2f80d34-2f80d3b call 2f96990 444->448 450 2f80d40-2f80d47 448->450 451 2f80d49-2f80d50 450->451 452 2f80d55-2f80ddd call 2f81a0c 450->452 453 2f80f7f-2f80fb0 call 2f819ea 451->453 458 2f80de3-2f80def 452->458 459 2f80e67-2f80e8d call 2f88722 call 2f81e70 452->459 453->447 460 2f80df1-2f80e06 458->460 461 2f80e23 458->461 459->453 472 2f80e93-2f80ea0 459->472 463 2f80e08-2f80e13 460->463 464 2f80e16-2f80e1f 460->464 466 2f80e26-2f80e4c call 2f81e70 461->466 463->464 464->460 467 2f80e21 464->467 473 2f80e59-2f80e5e call 2f88722 466->473 474 2f80e4e call 2f88722 466->474 467->466 481 2f80f39-2f80f47 472->481 482 2f80ea6-2f80eb6 472->482 480 2f80e5f 473->480 479 2f80e53-2f80e54 474->479 479->453 483 2f80e61 480->483 487 2f80f49-2f80f50 481->487 488 2f80f52-2f80f79 call 2f81e70 481->488 482->453 486 2f80ebc-2f80f1a call 2f81e70 482->486 483->447 493 2f80f1c-2f80f22 486->493 494 2f80f27-2f80f34 486->494 487->453 488->453 488->480 493->479 494->483
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 02F80D3B
                                                                                • Part of subcall function 02F96990: __calloc_impl.LIBCMT ref: 02F969A5
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __calloc_impl_calloc
                                                                              • String ID:
                                                                              • API String ID: 2108883976-0
                                                                              • Opcode ID: b1273c274ced11ef4bb6cc658eb9509b3328c35321157883059792211b9f16ff
                                                                              • Instruction ID: 63eed26035f4c7e59af87b0cdc8e491a0a132eaf3c83608703740f67f97b1691
                                                                              • Opcode Fuzzy Hash: b1273c274ced11ef4bb6cc658eb9509b3328c35321157883059792211b9f16ff
                                                                              • Instruction Fuzzy Hash: C6A138B6D00208EFDF219F94CC85EAEFBB6FF89340F108599E605AA250D771A954DF21
                                                                              Function 02F7A802 Relevance: 1.6, APIs: 1, Instructions: 70memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 497 2f7a802-2f7a80c 498 2f7a812-2f7a815 497->498 499 2f7a8b0-2f7a8b8 call 2f7c35d 497->499 501 2f7a817-2f7a81a 498->501 502 2f7a82f-2f7a83c call 2f7c2dd 498->502 506 2f7a8b9-2f7a8bd 499->506 505 2f7a820-2f7a82a call 2f7c67f 501->505 501->506 509 2f7a83e-2f7a844 502->509 510 2f7a8a8 call 2f7131c 502->510 505->506 512 2f7a8a7 509->512 513 2f7a846-2f7a854 call 2f7dae1 509->513 516 2f7a8ad-2f7a8ae 510->516 512->510 513->512 518 2f7a856-2f7a85d 513->518 516->506 519 2f7a897-2f7a89e 518->519 520 2f7a85f-2f7a869 518->520 519->512 521 2f7a8a0-2f7a8a1 call 2f7da6f 519->521 522 2f7a87c-2f7a88a call 2f7d492 520->522 523 2f7a86b-2f7a871 520->523 527 2f7a8a6 521->527 522->512 529 2f7a88c-2f7a895 call 2f7d492 522->529 523->512 525 2f7a873-2f7a87a HeapDestroy 523->525 525->512 527->512 529->527
                                                                              APIs
                                                                              • HeapDestroy.KERNEL32(?), ref: 02F7A874
                                                                                • Part of subcall function 02F7C67F: _memset.LIBCMT ref: 02F7C69D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DestroyHeap_memset
                                                                              • String ID:
                                                                              • API String ID: 3970643317-0
                                                                              • Opcode ID: fe873b1aa279aaa63b550094a7d36a04ffefdde74cf37347617f168ac0debded
                                                                              • Instruction ID: c79d9bbbceafebd65c1964aabdb804c3f09d53a001eb1a81d9b58c64d778a2cd
                                                                              • Opcode Fuzzy Hash: fe873b1aa279aaa63b550094a7d36a04ffefdde74cf37347617f168ac0debded
                                                                              • Instruction Fuzzy Hash: F311A333D012059ADB24AB68DC80FBE736AAF013E9F564037E71496050EB34D983DEE5
                                                                              Function 02F83EF7 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 532 2f83ef7-2f83efe call 2f887ff 534 2f83f03-2f83f0b 532->534 535 2f83f0d-2f83f11 534->535 536 2f83f12 534->536 537 2f83f14-2f83f1f 536->537 537->537 538 2f83f21-2f83f30 537->538
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F83EFE
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateHeap_malloc
                                                                              • String ID:
                                                                              • API String ID: 501242067-0
                                                                              • Opcode ID: 770a5737fa1c2baebb51fc1048b2bd86ee1b0969124dc220f3e5ed95a16c1eaa
                                                                              • Instruction ID: e5f79237ee21ac3be80c661a4ca2d41d7540bede78ffd27d05651d02d449ab86
                                                                              • Opcode Fuzzy Hash: 770a5737fa1c2baebb51fc1048b2bd86ee1b0969124dc220f3e5ed95a16c1eaa
                                                                              • Instruction Fuzzy Hash: 12E04F7220C6014FDB299F2CF84060AF7F29B84720B60CE7EE09AC7394DB34D4818B04
                                                                              Function 02F8A68A Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 539 2f8a68a-2f8a6ac HeapCreate 540 2f8a6ae-2f8a6af 539->540 541 2f8a6b0-2f8a6b9 539->541
                                                                              APIs
                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,02F8A3C6,00000001,?,?,?,02F8A53F,?,?,?,02FA36E0,0000000C,02F8A5FA), ref: 02F8A69F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateHeap
                                                                              • String ID:
                                                                              • API String ID: 10892065-0
                                                                              • Opcode ID: 627a7e256299d797e846a1f5cd55ccd3f89f7d8fc46031ce19ccdf69342f11fd
                                                                              • Instruction ID: 4a5083d78122f04561aeab6b4032d63a188b0125a1724c4e30bdb533e79ffb9a
                                                                              • Opcode Fuzzy Hash: 627a7e256299d797e846a1f5cd55ccd3f89f7d8fc46031ce19ccdf69342f11fd
                                                                              • Instruction Fuzzy Hash: 32D05E72DD03085EEB10AEB0B808B22BBDCE7847D5F114837B90CC6640E774D5A08A04
                                                                              Function 032DA8A7 Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,032D9DEF,?,032D9DEF,AAAABBBB), ref: 032DA996
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              • Opcode ID: 06db9e082881e3a7de2518e710500035fed678b226e83921418e753830c2cfca
                                                                              • Instruction ID: 0ee3fe14363c1588c9e74f904c51091d4739e354c9747d8bab4dbabed7304993
                                                                              • Opcode Fuzzy Hash: 06db9e082881e3a7de2518e710500035fed678b226e83921418e753830c2cfca
                                                                              • Instruction Fuzzy Hash: C731CB70A10109AFCB08CF99C894EAEB7B5FF88310F15C199E519AB394D774EA91CF94
                                                                              Function 02F754A0 Relevance: 1.3, APIs: 1, Instructions: 31sleepCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • Sleep.KERNELBASE(?,0000EA60,?,02F716A0,0000EA60), ref: 02F754FB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: 87cd3d7872a6a9424d879ff2a636181a0de247492a6080e72c8c691a10c5fa1c
                                                                              • Instruction ID: 01b5f72cc666a92d885a32b28951d1f10c45d799a88a60d33cb08a21d9e9033c
                                                                              • Opcode Fuzzy Hash: 87cd3d7872a6a9424d879ff2a636181a0de247492a6080e72c8c691a10c5fa1c
                                                                              • Instruction Fuzzy Hash: 84F05471D8020D9BEF145F64FC19A1477A6F7053E9F54062BEE1459190DB33C460CF61
                                                                              Function 0040A0C7 Relevance: 1.3, APIs: 1, Instructions: 26memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • VirtualAlloc.KERNELBASE(E553A458,00000000,00000269,00001000,00000040), ref: 0040A118
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3325527910.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325591321.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325611113.000000000040D000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325665529.0000000000415000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              • Opcode ID: 6e6d856aae68f0ee298ee251cef16225388653039049ee4443fb847626fd41f1
                                                                              • Instruction ID: 759cabaf95f4f6259712b527008d08a75ec9935be64463b2b47243e6b8599d83
                                                                              • Opcode Fuzzy Hash: 6e6d856aae68f0ee298ee251cef16225388653039049ee4443fb847626fd41f1
                                                                              • Instruction Fuzzy Hash: 58D05E323CE318E5D42454206C16BB16149070FB81E203473B64A7F3C198BD5433325F

                                                                              Non-executed Functions

                                                                              Function 02F75225 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 172filetimeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F75237
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • _memset.LIBCMT ref: 02F75243
                                                                                • Part of subcall function 02F716CB: _malloc.LIBCMT ref: 02F716D1
                                                                                • Part of subcall function 02F7171B: htonl.WS2_32(0000001F), ref: 02F71721
                                                                              • _strncmp.LIBCMT ref: 02F75292
                                                                              • GetCurrentDirectoryA.KERNEL32(00004000,00000000), ref: 02F752A0
                                                                                • Part of subcall function 02F88722: __lock.LIBCMT ref: 02F88740
                                                                                • Part of subcall function 02F88722: ___sbh_find_block.LIBCMT ref: 02F8874B
                                                                                • Part of subcall function 02F88722: ___sbh_free_block.LIBCMT ref: 02F8875A
                                                                                • Part of subcall function 02F88722: HeapFree.KERNEL32(00000000,00000000,02FA35A0,0000000C,02F8D788,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C), ref: 02F8878A
                                                                                • Part of subcall function 02F88722: GetLastError.KERNEL32(?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5,00000000,00000000,?,02F8D842,0000000D), ref: 02F8879B
                                                                              • FindFirstFileA.KERNEL32(00000000,?), ref: 02F752D1
                                                                              • GetLastError.KERNEL32 ref: 02F752DE
                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 02F7532A
                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 02F7533A
                                                                              • FindNextFileA.KERNEL32(00000000,00000010), ref: 02F753CD
                                                                              • FindClose.KERNEL32(00000000), ref: 02F753DC
                                                                                • Part of subcall function 02F71825: _vwprintf.LIBCMT ref: 02F7182F
                                                                                • Part of subcall function 02F71825: _vswprintf_s.LIBCMT ref: 02F71853
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Time$FileFind$ErrorHeapLastSystem_malloc$AllocateCloseCurrentDirectoryFirstFreeLocalNextSpecific___sbh_find_block___sbh_free_block__lock_memset_strncmp_vswprintf_s_vwprintfhtonl
                                                                              • String ID: %s$.\*$D0%02d/%02d/%02d %02d:%02d:%02d%s$F%I64d%02d/%02d/%02d %02d:%02d:%02d%s
                                                                              • API String ID: 2804257087-1754256099
                                                                              • Opcode ID: 6c6dbd2eded01e257d2a61e778880a3e4601bc008c0e5221d6d78f24853ce9ee
                                                                              • Instruction ID: 50bbc0acad96edf976ddf1722bf9322c0bfc8d950dfc95d0ad9fcd04d0b32e66
                                                                              • Opcode Fuzzy Hash: 6c6dbd2eded01e257d2a61e778880a3e4601bc008c0e5221d6d78f24853ce9ee
                                                                              • Instruction Fuzzy Hash: 7E512DB2D0012DAADB10EBE5DC45EFFB7BDAF08784F040526B719A1190FA799A548B70
                                                                              Function 02F766BF Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 111threadsleepprocessCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(ntdll,NtQueueApcThread,00000000,00000000), ref: 02F76704
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 02F7670B
                                                                                • Part of subcall function 02F76638: _malloc.LIBCMT ref: 02F76657
                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 02F7673A
                                                                              • Thread32First.KERNEL32(00000000,0000001C), ref: 02F7674F
                                                                              • Thread32Next.KERNEL32(00000000,0000001C), ref: 02F7678E
                                                                              • Sleep.KERNEL32(000000C8,00000004,00000000), ref: 02F767A4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Thread32$AddressCreateFirstHandleModuleNextProcSleepSnapshotToolhelp32_malloc
                                                                              • String ID: NtQueueApcThread$ntdll
                                                                              • API String ID: 147937454-1374908105
                                                                              • Opcode ID: 9cf9fd4446dde440f934177d8b886f0c2115636e5db6c36973a73c753fb12347
                                                                              • Instruction ID: e85f5332fdbcc0325900996c2df7e5af1c8c94ec03dd5e3530256ee5b9e8ab1a
                                                                              • Opcode Fuzzy Hash: 9cf9fd4446dde440f934177d8b886f0c2115636e5db6c36973a73c753fb12347
                                                                              • Instruction Fuzzy Hash: 14312771D0011CAFEF10EFA4CD45AAEBBB9EB04794F148416FA05E6150EB749A46CFA1
                                                                              Function 02F7A70E Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 84fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F7A71B
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • __snprintf.LIBCMT ref: 02F7A72C
                                                                              • FindFirstFileA.KERNEL32(00000000,02F750C9,?,02F7A7FD,02F750C9,?,Function_0000504D), ref: 02F7A739
                                                                                • Part of subcall function 02F88722: __lock.LIBCMT ref: 02F88740
                                                                                • Part of subcall function 02F88722: ___sbh_find_block.LIBCMT ref: 02F8874B
                                                                                • Part of subcall function 02F88722: ___sbh_free_block.LIBCMT ref: 02F8875A
                                                                                • Part of subcall function 02F88722: HeapFree.KERNEL32(00000000,00000000,02FA35A0,0000000C,02F8D788,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C), ref: 02F8878A
                                                                                • Part of subcall function 02F88722: GetLastError.KERNEL32(?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5,00000000,00000000,?,02F8D842,0000000D), ref: 02F8879B
                                                                              • _malloc.LIBCMT ref: 02F7A778
                                                                              • __snprintf.LIBCMT ref: 02F7A78D
                                                                                • Part of subcall function 02F7A6D1: _malloc.LIBCMT ref: 02F7A6DC
                                                                                • Part of subcall function 02F7A6D1: __snprintf.LIBCMT ref: 02F7A6F0
                                                                              • FindNextFileA.KERNEL32(000000FF,02F750C9,?,?,?,?,?,?,?), ref: 02F7A7BA
                                                                              • FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?), ref: 02F7A7C7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Find__snprintf_malloc$FileHeap$AllocateCloseErrorFirstFreeLastNext___sbh_find_block___sbh_free_block__lock
                                                                              • String ID: %s\*
                                                                              • API String ID: 1254174322-766152087
                                                                              • Opcode ID: f8fd4209384d2faf72a434f0c0ad16a492f375f57d6377b1b10d486af4829a3c
                                                                              • Instruction ID: 1fcd766410e4a54dcbc7f01270f5c2b3481566ef6cb2e8faa3ed39b1b7b64dc8
                                                                              • Opcode Fuzzy Hash: f8fd4209384d2faf72a434f0c0ad16a492f375f57d6377b1b10d486af4829a3c
                                                                              • Instruction Fuzzy Hash: 1321C27290010CBBDF11AF21CC55AAF7B7EEF40BE4F198025FA1966150DB719E219BA0
                                                                              Function 02F78699 Relevance: 9.1, APIs: 6, Instructions: 68networkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • htonl.WS2_32 ref: 02F786B6
                                                                              • htons.WS2_32(?), ref: 02F786C6
                                                                              • socket.WS2_32(00000002,00000002,00000000), ref: 02F786DC
                                                                              • closesocket.WS2_32(00000000), ref: 02F786E9
                                                                              • bind.WS2_32(00000000,?,00000010), ref: 02F78717
                                                                              • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 02F7872E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: bindclosesockethtonlhtonsioctlsocketsocket
                                                                              • String ID:
                                                                              • API String ID: 3910169428-0
                                                                              • Opcode ID: 72e0bdcef6f8eb96ae826e07d0cb6af845301c32c66f86dd4a82e2f32832ca42
                                                                              • Instruction ID: dc35d60c6c640d696f852ee9377acca89c2860f78155e3b6908b41bda7615424
                                                                              • Opcode Fuzzy Hash: 72e0bdcef6f8eb96ae826e07d0cb6af845301c32c66f86dd4a82e2f32832ca42
                                                                              • Instruction Fuzzy Hash: 6411B671E00208AADB00ABF99C49FAEB7BDDF083E4F104526F715E71C0E6744A058F64
                                                                              Function 02F73685 Relevance: 9.1, APIs: 6, Instructions: 68sleepnetworkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F73697
                                                                              • Sleep.KERNEL32(000003E8), ref: 02F73707
                                                                              • GetTickCount.KERNEL32 ref: 02F7370D
                                                                              • Sleep.KERNEL32(000003E8), ref: 02F73720
                                                                              • closesocket.WS2_32(00000000), ref: 02F73727
                                                                              • send.WS2_32(00000000,?,?,00000000), ref: 02F7373A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountSleepTick$closesocketsend
                                                                              • String ID:
                                                                              • API String ID: 1472970430-0
                                                                              • Opcode ID: ece1609eb8d6926d9f812d576f033d8a4ab272c4463eb1050016ff8e76cbe764
                                                                              • Instruction ID: 652e2ac36a68a5d92c039f50a9a7574f0ac4fc1eb238c0206c6204ceae8e6283
                                                                              • Opcode Fuzzy Hash: ece1609eb8d6926d9f812d576f033d8a4ab272c4463eb1050016ff8e76cbe764
                                                                              • Instruction Fuzzy Hash: C8117FB2D0021CBBDF01BBF4EC84CDDBB7AAF043A0F100567E711A6190EA7595449F61
                                                                              Function 02F785B7 Relevance: 9.1, APIs: 6, Instructions: 54networkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 02F785CF
                                                                              • htons.WS2_32(?), ref: 02F785EB
                                                                              • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 02F78604
                                                                              • closesocket.WS2_32(00000000), ref: 02F7860F
                                                                              • bind.WS2_32(00000000,?,00000010), ref: 02F7861D
                                                                              • listen.WS2_32(00000000,?), ref: 02F7862B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: bindclosesockethtonsioctlsocketlistensocket
                                                                              • String ID:
                                                                              • API String ID: 1767165869-0
                                                                              • Opcode ID: 512048afa033bf9c4ac7def6146be7ab922e52aef72f050fc7ac83add7ff89b0
                                                                              • Instruction ID: 1a23c6ba7dac8047c529a7e591c8fba704f53a43fab480d9cb51fe8796d8bbf1
                                                                              • Opcode Fuzzy Hash: 512048afa033bf9c4ac7def6146be7ab922e52aef72f050fc7ac83add7ff89b0
                                                                              • Instruction Fuzzy Hash: A3017935A5061C76DB11AB949C49EEEFA2AEF417D0F100116FB01E6141E7308A518BE9
                                                                              Function 02F7E272 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 02F7DF1C: RevertToSelf.ADVAPI32(00000100,02F7E4B0,00000000,?,?,02F719A7,?,00000000,00000000,00000000,00000100,00000100), ref: 02F7DF33
                                                                              • LogonUserA.ADVAPI32(?,?,?,00000009,00000003,02FB08A4), ref: 02F7E292
                                                                              • GetLastError.KERNEL32 ref: 02F7E29C
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781C2
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781D2
                                                                                • Part of subcall function 02F731C8: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000400,02F74ACB,?,02F748E4,02F74ACB,?,00000400), ref: 02F731DE
                                                                                • Part of subcall function 02F731C8: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,02F74ACB,02F748E4,?,02F748E4,02F74ACB,?,00000400,?,?,?,?,02F74ACB), ref: 02F731F7
                                                                                • Part of subcall function 02F716CB: _malloc.LIBCMT ref: 02F716D1
                                                                                • Part of subcall function 02F71825: _vwprintf.LIBCMT ref: 02F7182F
                                                                                • Part of subcall function 02F71825: _vswprintf_s.LIBCMT ref: 02F71853
                                                                                • Part of subcall function 02F71864: _memset.LIBCMT ref: 02F71872
                                                                              • ImpersonateLoggedOnUser.ADVAPI32 ref: 02F7E2B6
                                                                              • GetLastError.KERNEL32 ref: 02F7E2C0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc$ByteCharErrorLastMultiUserWide$ImpersonateLoggedLogonRevertSelf_memset_vswprintf_s_vwprintf
                                                                              • String ID: %s\%s
                                                                              • API String ID: 744593125-4073750446
                                                                              • Opcode ID: 8e4ae90906565969c5dcd31ccebfefe915e15d7a4cd475e58727dfd95cb4a54c
                                                                              • Instruction ID: 0e9927fb87e483b2b1c44e3f9c0417ca58394ec3a2b735aee7b117fbb1fabc78
                                                                              • Opcode Fuzzy Hash: 8e4ae90906565969c5dcd31ccebfefe915e15d7a4cd475e58727dfd95cb4a54c
                                                                              • Instruction Fuzzy Hash: DE311771D4020CBEEF02AF65EC45E9B7BAAEB047D4F144426FB0895150EB718664DFA1
                                                                              Function 02F74A7E Relevance: 7.6, APIs: 5, Instructions: 65processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateProcessAsUserA.ADVAPI32(?,00000000,?,00000000,00000000,00000001,00000004,00000000,00000000,?,?,?,?,00000011,02F74B75,?), ref: 02F74AA4
                                                                              • GetLastError.KERNEL32(?,?,02F79320), ref: 02F74AB4
                                                                              • GetLastError.KERNEL32(?,?,02F79320), ref: 02F74ACE
                                                                                • Part of subcall function 02F74870: _memset.LIBCMT ref: 02F7489E
                                                                                • Part of subcall function 02F74870: _memset.LIBCMT ref: 02F748BA
                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000004,00000000,00000000,?,?,?,?,00000011,02F74B75,?,?), ref: 02F74AF3
                                                                              • GetLastError.KERNEL32(?,?,02F79320), ref: 02F74AFD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$CreateProcess_memset$User
                                                                              • String ID:
                                                                              • API String ID: 3779600536-0
                                                                              • Opcode ID: b7ade90112faca14b6830c8d31a34cb78cf0cd11a67e7a503358a024722ee8ad
                                                                              • Instruction ID: 0b17c7ecf5a2d051cd67cc4fc41c7f66e00ac3ee3f646ac3fa2f8d9539d22c75
                                                                              • Opcode Fuzzy Hash: b7ade90112faca14b6830c8d31a34cb78cf0cd11a67e7a503358a024722ee8ad
                                                                              • Instruction Fuzzy Hash: 5A111635940644BEEB325F65EC48E27BAB9FFC5B95B140C1EF75580460D7218460EF25
                                                                              Function 02F90331 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • IsDebuggerPresent.KERNEL32 ref: 02F941AD
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02F941C2
                                                                              • UnhandledExceptionFilter.KERNEL32(02F9BC2C), ref: 02F941CD
                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 02F941E9
                                                                              • TerminateProcess.KERNEL32(00000000), ref: 02F941F0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                              • String ID:
                                                                              • API String ID: 2579439406-0
                                                                              • Opcode ID: 9c4df105cb122d6916e987f081d45f64873c906a8510f8e0951f70d3e20740fb
                                                                              • Instruction ID: 4584383bb4c1ed35236a1cf7c69b71c48f98b99e965202a641da60798379bb5e
                                                                              • Opcode Fuzzy Hash: 9c4df105cb122d6916e987f081d45f64873c906a8510f8e0951f70d3e20740fb
                                                                              • Instruction Fuzzy Hash: FE21DBF8C8620C9BE700DF68E598B18BBE4BB4C7A4F40181BE50882340E7B055A5CF09
                                                                              Function 02F7EDB3 Relevance: 7.5, APIs: 5, Instructions: 45networkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 02F7EDC5
                                                                              • closesocket.WS2_32(00000000), ref: 02F7EDD2
                                                                              • htons.WS2_32(?), ref: 02F7EDE3
                                                                              • bind.WS2_32(00000000,?,00000010), ref: 02F7EDFA
                                                                              • listen.WS2_32(00000000,00000078), ref: 02F7EE0B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: bindclosesockethtonslistensocket
                                                                              • String ID:
                                                                              • API String ID: 564772725-0
                                                                              • Opcode ID: f5d321fb737f3696748f718b7cdc3ba0e1b03ea59233d0aa3e5bc77a4717a8f8
                                                                              • Instruction ID: 232ff53088801d5116cf9824e75b954db046dd63af6fceef7fd161239a2930c7
                                                                              • Opcode Fuzzy Hash: f5d321fb737f3696748f718b7cdc3ba0e1b03ea59233d0aa3e5bc77a4717a8f8
                                                                              • Instruction Fuzzy Hash: 52F0F475D9031875EE01B7B49C0AFEE722A9F017B4F104793FB32A90D0E7B086508BA5
                                                                              Function 02F741CB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 02F74227
                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 02F7424A
                                                                              • GetLastError.KERNEL32 ref: 02F74254
                                                                                • Part of subcall function 02F71825: _vwprintf.LIBCMT ref: 02F7182F
                                                                                • Part of subcall function 02F71825: _vswprintf_s.LIBCMT ref: 02F71853
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue_vswprintf_s_vwprintf
                                                                              • String ID: %s
                                                                              • API String ID: 2004037343-620797490
                                                                              • Opcode ID: 99da9835d6fa56935c67e5101babeca7e52371451c8b0ca526c05e2c7656f7fb
                                                                              • Instruction ID: bcb8a4a54107e79fd4088e2faeb5a4fcf3ba8a3ff7e0735219c9b8386142aafc
                                                                              • Opcode Fuzzy Hash: 99da9835d6fa56935c67e5101babeca7e52371451c8b0ca526c05e2c7656f7fb
                                                                              • Instruction Fuzzy Hash: 13114D71A00118BAEB119BA4DD44AEFBBBDEF09794B100426EA04F2150E7319E14CAA1
                                                                              Function 02F77E57 Relevance: 6.1, APIs: 4, Instructions: 63sleepnetworkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F77E66
                                                                              • Sleep.KERNEL32(000003E8), ref: 02F77EB6
                                                                              • GetTickCount.KERNEL32 ref: 02F77EBC
                                                                              • WSAGetLastError.WS2_32 ref: 02F77EC2
                                                                                • Part of subcall function 02F77E11: ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 02F77E23
                                                                                • Part of subcall function 02F775E5: _memset.LIBCMT ref: 02F77606
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$ErrorLastSleep_memsetioctlsocket
                                                                              • String ID:
                                                                              • API String ID: 3301373915-0
                                                                              • Opcode ID: 8f0cdd34b05ac88ef1b0447f931bfa770e3621554fbfbd3e552302fd1df17df8
                                                                              • Instruction ID: 116b08216c0a05f04aaad96ece026dc228f37cfcb7a05011210c488fb85adf3b
                                                                              • Opcode Fuzzy Hash: 8f0cdd34b05ac88ef1b0447f931bfa770e3621554fbfbd3e552302fd1df17df8
                                                                              • Instruction Fuzzy Hash: 1011C873D0410DABDB01B7F5AC859AEBBAADB443E4F200427EB01AB1D0EE705D919F91
                                                                              Function 02F97320 Relevance: 5.6, Strings: 4, Instructions: 612COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $<$abcdefghijklmnop$abcdefghijklmnop
                                                                              • API String ID: 0-3339112986
                                                                              • Opcode ID: d0bc9d31e0a7d589af61ac302f14f412036c3b71276796203dd1f79702239ced
                                                                              • Instruction ID: 749474223768dcd8169922555df8222151cc03b66832b5395f5cff8d87e778af
                                                                              • Opcode Fuzzy Hash: d0bc9d31e0a7d589af61ac302f14f412036c3b71276796203dd1f79702239ced
                                                                              • Instruction Fuzzy Hash: 6252F275E102198FDB48CF69D491AADFBF1EF89340F14C16AE865AB342C634E951CFA0
                                                                              Function 02F7E442 Relevance: 4.5, APIs: 3, Instructions: 42memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,75922E90,?,?,?,02F780ED), ref: 02F7E475
                                                                              • CheckTokenMembership.ADVAPI32(00000000,?,02F780ED,?,?,?,02F780ED), ref: 02F7E48A
                                                                              • FreeSid.ADVAPI32(?,?,?,?,02F780ED), ref: 02F7E49A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                              • String ID:
                                                                              • API String ID: 3429775523-0
                                                                              • Opcode ID: ceb73590e3c7a32ef5f25f88924d71f9df3851ad8f76dde092560b49550cfcf6
                                                                              • Instruction ID: 8c6169b8e7710d4df2553a43111fcb141f88961bae8a90cf3e1b26ef3dc174dd
                                                                              • Opcode Fuzzy Hash: ceb73590e3c7a32ef5f25f88924d71f9df3851ad8f76dde092560b49550cfcf6
                                                                              • Instruction Fuzzy Hash: 00018176D4028CFFDB11DBE89988AEDFFBCAB18244F4448EAE211A3141D3305708DB25
                                                                              Function 004096C0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • DeviceIoControl.KERNEL32(00000075,00000000,?,000046B5), ref: 00409724
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3325527910.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325591321.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325611113.000000000040D000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325665529.0000000000415000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ControlDevice
                                                                              • String ID:
                                                                              • API String ID: 2352790924-0
                                                                              • Opcode ID: 8cc716ce6f0d9ebba1c6b2379269b0e4a6ae8c89235b470c84bfc0ee52551dcd
                                                                              • Instruction ID: 92b8ce1385a08da91b2c0ef4a96918f8428d60d3365403537f2418e93e58f827
                                                                              • Opcode Fuzzy Hash: 8cc716ce6f0d9ebba1c6b2379269b0e4a6ae8c89235b470c84bfc0ee52551dcd
                                                                              • Instruction Fuzzy Hash: B401BC5050C3C1BFF3238B348CAAF967FA84F03650F4805DAE9D49F1A3D668990AC366
                                                                              Function 02F7427B Relevance: 1.5, APIs: 1, Instructions: 38pipeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateNamedPipeA.KERNEL32(?,00000003,00000004,00000002,00000000,00000000,00000000,00000000), ref: 02F742CF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateNamedPipe
                                                                              • String ID:
                                                                              • API String ID: 2489174969-0
                                                                              • Opcode ID: 30c2c59bed7bdda4723784b1c4aa195b03837f51e6c38ff7f6588b5e8dd3e86b
                                                                              • Instruction ID: 2c01839b3ea5f5ce6636c7db340043d2d9ee69af8fe6bd0ec63cde6c0ada5632
                                                                              • Opcode Fuzzy Hash: 30c2c59bed7bdda4723784b1c4aa195b03837f51e6c38ff7f6588b5e8dd3e86b
                                                                              • Instruction Fuzzy Hash: 1BF0C8F0D8030DAFFB10AB74BC86F567FAC97147E8F500766A765D20D0D2B48AA58A50
                                                                              Function 02F7386E Relevance: 1.5, APIs: 1, Instructions: 28timeCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLocalTime.KERNEL32(?,?,?,?,02F71425), ref: 02F73886
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LocalTime
                                                                              • String ID:
                                                                              • API String ID: 481472006-0
                                                                              • Opcode ID: 28c955f660444b29d6a950ec268c78dcd51529662515f749ff057b01f0ab8f7a
                                                                              • Instruction ID: 4ca01f0bcb99be47ec0d0cd2e0fa8669eda5f2b1c20093b1a26faa75e1fc7a40
                                                                              • Opcode Fuzzy Hash: 28c955f660444b29d6a950ec268c78dcd51529662515f749ff057b01f0ab8f7a
                                                                              • Instruction Fuzzy Hash: C3E09A62A4022851DF1C77BA9D2A67DB2A9AB60A89F44887FE243E81C0FA74C1409310
                                                                              Function 00406D07 Relevance: 1.5, APIs: 1, Instructions: 24timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTimeZoneInformation.KERNEL32(004104B5), ref: 00406D21
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3325527910.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325591321.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325611113.000000000040D000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325665529.0000000000415000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InformationTimeZone
                                                                              • String ID:
                                                                              • API String ID: 565725191-0
                                                                              • Opcode ID: a25350c41297392c2ecb9378e300292c7bf1448d495c51d994c9d4abadea0a08
                                                                              • Instruction ID: 2b0fa55e7b9015c6d0760a3118bcde42819a17c7bffae6ba9f3a0d9e6d6de16f
                                                                              • Opcode Fuzzy Hash: a25350c41297392c2ecb9378e300292c7bf1448d495c51d994c9d4abadea0a08
                                                                              • Instruction Fuzzy Hash: 8DE04F74640304CFDB20CF84D8416D1BBB8F71A314F006015E945A7311C3B8D4878B88
                                                                              Function 02F98190 Relevance: .4, Instructions: 435COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c7e234bdc766603bc9ff1fbc4e665e7710bb1ed8b5c97966e44ac1e0f5233ef3
                                                                              • Instruction ID: 9b4c0913557d03e1ce5d1bb5c375a6d5722d5c58319884e10b179aeda69ce202
                                                                              • Opcode Fuzzy Hash: c7e234bdc766603bc9ff1fbc4e665e7710bb1ed8b5c97966e44ac1e0f5233ef3
                                                                              • Instruction Fuzzy Hash: EB125E319201598FDB08CF5DD8A1ABDBBF1EF49341F44816EE456EB386CA38EA11DB50
                                                                              Function 032F75D7 Relevance: .4, Instructions: 435COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 713d4da708e507e8e1ad1b26dcf6fc677549dbd504e9a6ab50fae4ca0ac85f09
                                                                              • Instruction ID: 6029d7a8ed53704e4775ced56bdd3fcdf7917a1814340d2e7f5d51c17896c0da
                                                                              • Opcode Fuzzy Hash: 713d4da708e507e8e1ad1b26dcf6fc677549dbd504e9a6ab50fae4ca0ac85f09
                                                                              • Instruction Fuzzy Hash: CC1272319101698FDB08CF5DC8D1ABDBBF1EF49341F54826EE4569B386C638EA12DB60
                                                                              Function 02F97BC0 Relevance: .4, Instructions: 406COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fa126bc9308df7c4c45b002e21f8cba912e988c45dc7ff176815210f5912d569
                                                                              • Instruction ID: 0d38728a357838de9d69da540a965e644f692609a326dd6133549ba982138662
                                                                              • Opcode Fuzzy Hash: fa126bc9308df7c4c45b002e21f8cba912e988c45dc7ff176815210f5912d569
                                                                              • Instruction Fuzzy Hash: 8A127D71D141598FCB08CF5CD4919BDFBF1EF49340F59856AE49AAB382C638EA21CB60
                                                                              Function 032F7007 Relevance: .4, Instructions: 406COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 649c5e0e6f184d593b2a95c2cf2d13bc3a42248f38c8f0b10b3a1c93a9f16d11
                                                                              • Instruction ID: d33d70aa32fbe39481172b61ab8212898b5cde9d12e71be1be0271079eb32902
                                                                              • Opcode Fuzzy Hash: 649c5e0e6f184d593b2a95c2cf2d13bc3a42248f38c8f0b10b3a1c93a9f16d11
                                                                              • Instruction Fuzzy Hash: 0C1260319141A98FDB08CF5DC8D19BDBBF1EF49340F55826EE456AB382C638EA11DB50
                                                                              Function 02F958FD Relevance: .4, Instructions: 384COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                              • Instruction ID: 7e451ef352900e34c0b4d577b1462f0e09ffb58f447b900fc615f943fa393f7e
                                                                              • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                              • Instruction Fuzzy Hash: 92D172B3D0A9B30AAB76812E416823FEE626FD159431FC3E1DDD43F289D22A5D06D5D0
                                                                              Function 032F4D44 Relevance: .4, Instructions: 384COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                              • Instruction ID: 217fbbb293da30bb7db06e19a0ab3f1abfa15f597dccf8e6778c45f3e3265166
                                                                              • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                              • Instruction Fuzzy Hash: 88D17DB3C2A9B30EC735D16F446813BEA626FD198432FC3F09DE43F28996665D8586D0
                                                                              Function 02F954DD Relevance: .4, Instructions: 378COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                              • Instruction ID: ee78a051462b6ce5da708bce1290ae0e52ea22415a24af4ddd1a0bd87f80d2f8
                                                                              • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                              • Instruction Fuzzy Hash: A8D181B3D0A9B34A9B36812E415863BEE626FD158435FC3E1DDD42F28AD32B5D05C6E0
                                                                              Function 032F4924 Relevance: .4, Instructions: 378COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                              • Instruction ID: 586af684fbdf089e4072b00d203a6d1d833bae98ab358af8298d79123faf6e66
                                                                              • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                              • Instruction Fuzzy Hash: 87D170B3D2A9B30EC735D16F446423BEA626FD1A9431FC3F19DE02F289D1A65D8186D0
                                                                              Function 02F950D1 Relevance: .4, Instructions: 361COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                              • Instruction ID: 0d091e56dc5165e8b28c61e90bcf03d516437eb7819cb1806852c24ffa08149f
                                                                              • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                              • Instruction Fuzzy Hash: DDC173B3D0A9F30A9B76812E416422BEA626FD159531FC3E1DDD43F28AD32B5D0685D0
                                                                              Function 032F4518 Relevance: .4, Instructions: 361COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                              • Instruction ID: d02b86642ec18cfb907e46d50cb2a2dcbe04b489d8a56c2c117c55eba680eef2
                                                                              • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                              • Instruction Fuzzy Hash: E7C17EB3C2A9B30ECB35D16F446813BEA626FD199471EC3F1CDE02F289D5A65D8186D0
                                                                              Function 02F94CFD Relevance: .4, Instructions: 351COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                              • Instruction ID: e7c9541c472d59a8180946325218916afd602cc8ca49a77c689454203d72ab2d
                                                                              • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                              • Instruction Fuzzy Hash: CAC171B3D1A9F30A9B36812E415823BEEA26FD198531FC3E1DDD42F289D72B5D0685D0
                                                                              Function 032F4144 Relevance: .4, Instructions: 351COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                              • Instruction ID: aff35bb583f9ce73379dde69cc0e9a5c8d12937558291d86d111cbb9a0c76749
                                                                              • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                              • Instruction Fuzzy Hash: 02C18073D2A9B30E8735E16F445813BEA626FD198431EC3F1CDE03F289D5A69D8186D0
                                                                              Function 02F7ABA0 Relevance: .2, Instructions: 182COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0a7232b9ed9669d881f4893b4c8615f0ca151278e9e7f5d9bb8b2fa9bed21a24
                                                                              • Instruction ID: 2bf41bdd47441924fb733311dc5254d6fcb4367ffce0b36b788a388cc6161a55
                                                                              • Opcode Fuzzy Hash: 0a7232b9ed9669d881f4893b4c8615f0ca151278e9e7f5d9bb8b2fa9bed21a24
                                                                              • Instruction Fuzzy Hash: C191C074E0020ADFCF08CF89C5909ADBBB1FF48345F24819AD9126B355D734AA41CFA5
                                                                              Function 02F7B870 Relevance: .2, Instructions: 182COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0a7232b9ed9669d881f4893b4c8615f0ca151278e9e7f5d9bb8b2fa9bed21a24
                                                                              • Instruction ID: f7835504d7f0084f5a3a7ae0344e5282d5b88b00b3383f1843151b7d5dd13c26
                                                                              • Opcode Fuzzy Hash: 0a7232b9ed9669d881f4893b4c8615f0ca151278e9e7f5d9bb8b2fa9bed21a24
                                                                              • Instruction Fuzzy Hash: 8691B174E0020ADFCF08CF89C590AADBBB1FF49359F24819AD915AB315D335AA41CFA5
                                                                              Function 032D9FE7 Relevance: .2, Instructions: 182COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0a7232b9ed9669d881f4893b4c8615f0ca151278e9e7f5d9bb8b2fa9bed21a24
                                                                              • Instruction ID: 5d8b684d248f76048b65a60587f3c4242a3619aa90d73ee974620ceeda226400
                                                                              • Opcode Fuzzy Hash: 0a7232b9ed9669d881f4893b4c8615f0ca151278e9e7f5d9bb8b2fa9bed21a24
                                                                              • Instruction Fuzzy Hash: 3791BF74E1021ADFCF08CF89C590AAEBBB1FF48315F288199D815AB315D335AA81CF65
                                                                              Function 032DACB7 Relevance: .2, Instructions: 182COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0a7232b9ed9669d881f4893b4c8615f0ca151278e9e7f5d9bb8b2fa9bed21a24
                                                                              • Instruction ID: 1ec9c4b24efb9f32d90b3570522baf8e6fdb42a0c14abc3c5a90d9ad2f6ac827
                                                                              • Opcode Fuzzy Hash: 0a7232b9ed9669d881f4893b4c8615f0ca151278e9e7f5d9bb8b2fa9bed21a24
                                                                              • Instruction Fuzzy Hash: 1B91A0B4E1120ADFCF18CF89C5909ADBBB1FF48315F2881A9D8156B315D335AA81CFA5
                                                                              Function 032E2876 Relevance: .1, Instructions: 123COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ff2b6f834b16b78025c083963c8e988e93abbc0d3e50f43d867b2c402f0a1f38
                                                                              • Instruction ID: 2042ffcbe665957b84d22eda46e739a2277d0425a91fc43768f001eb96a41d9b
                                                                              • Opcode Fuzzy Hash: ff2b6f834b16b78025c083963c8e988e93abbc0d3e50f43d867b2c402f0a1f38
                                                                              • Instruction Fuzzy Hash: 6B41F876D14391CEDB0AFBBDA4520BDBFE97F1E11079929AAC083EF242D51485C2D7A0
                                                                              Function 02F859E9 Relevance: .1, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc
                                                                              • String ID:
                                                                              • API String ID: 1579825452-0
                                                                              • Opcode ID: 432740b4136f1b7666a498ebb42d662255caf050a04e5c5d985a1978a9e091a5
                                                                              • Instruction ID: 17c3d864ce5bb1d78f793f43fa8dcc71699c776935310101fc7f08ad37403202
                                                                              • Opcode Fuzzy Hash: 432740b4136f1b7666a498ebb42d662255caf050a04e5c5d985a1978a9e091a5
                                                                              • Instruction Fuzzy Hash: 3E413AB6E00209AFDF04DFA8CC81AAEF7B6EB48350F558169EA05E7341D734A905CB50
                                                                              Function 032E4E30 Relevance: .1, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc
                                                                              • String ID:
                                                                              • API String ID: 1579825452-0
                                                                              • Opcode ID: 02ac8979f1336d472c4d54947f50205c4c09b342f203139d1dbb19639b7e89c3
                                                                              • Instruction ID: ee4a8a08188dfdc40f775b5752193318b3f2b1b0fa2552347be380c3b4e88661
                                                                              • Opcode Fuzzy Hash: 02ac8979f1336d472c4d54947f50205c4c09b342f203139d1dbb19639b7e89c3
                                                                              • Instruction Fuzzy Hash: 91415C76E10209AFDB04DFA9C881AEEB7B5EB48310F548179E915EB345D774AA40CB50
                                                                              Function 02F97945 Relevance: .1, Instructions: 90COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3c4c343495e1b3bf7e1a863f22be76ec0de35edde2ac80f7324be41233a33841
                                                                              • Instruction ID: e5da63c5dcce64ba05d17d61e8cc81490e4998974314bd460cd95ae58be94d72
                                                                              • Opcode Fuzzy Hash: 3c4c343495e1b3bf7e1a863f22be76ec0de35edde2ac80f7324be41233a33841
                                                                              • Instruction Fuzzy Hash: 11419574D101688FCB48CF5DE8909EDB7F2FB4D381B45850AE546A7385CA38A924CF20
                                                                              Function 00406D7C Relevance: .0, Instructions: 33COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.3325527910.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325591321.000000000040C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325611113.000000000040D000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3325665529.0000000000415000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1e9e9d94b8254684fe3a4f00fdc07e1575d31f54b61cd36a51c0559920efdf0e
                                                                              • Instruction ID: 71775e242b5eb590e297e831471ccab93c77c4d7ab997aa23a689e6d6ced8640
                                                                              • Opcode Fuzzy Hash: 1e9e9d94b8254684fe3a4f00fdc07e1575d31f54b61cd36a51c0559920efdf0e
                                                                              • Instruction Fuzzy Hash: 24F065768453806FC715DF258850CABFFB5AE87210B09A48EF8946B252C270F915C769
                                                                              Function 02F78B1A Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 210networkCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • htonl.WS2_32(?), ref: 02F78B54
                                                                              • select.WS2_32(00000000,?,?,?,?), ref: 02F78BB8
                                                                              • __WSAFDIsSet.WS2_32(00000000,?), ref: 02F78BD4
                                                                              • accept.WS2_32(00000000,00000000,00000000), ref: 02F78BE9
                                                                              • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 02F78BFC
                                                                                • Part of subcall function 02F78520: _malloc.LIBCMT ref: 02F78527
                                                                                • Part of subcall function 02F78520: GetTickCount.KERNEL32 ref: 02F78547
                                                                                • Part of subcall function 02F716CB: _malloc.LIBCMT ref: 02F716D1
                                                                                • Part of subcall function 02F7171B: htonl.WS2_32(0000001F), ref: 02F71721
                                                                                • Part of subcall function 02F71864: _memset.LIBCMT ref: 02F71872
                                                                              • __WSAFDIsSet.WS2_32(00000000,?), ref: 02F78C89
                                                                              • accept.WS2_32(00000000,00000000,00000000), ref: 02F78C9B
                                                                              • closesocket.WS2_32(?), ref: 02F78DA9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _mallocaccepthtonl$CountTick_memsetclosesocketioctlsocketselect
                                                                              • String ID: d
                                                                              • API String ID: 4083423528-2564639436
                                                                              • Opcode ID: 8cba970ceee9cf7a1116fe74fee510b9dbe2ac8931036780d28c8c1bb0f64f04
                                                                              • Instruction ID: 0325aed4ad14dadc8a20ce1d9991d3e271dca28fe0a50f239c35e5f16cfdb703
                                                                              • Opcode Fuzzy Hash: 8cba970ceee9cf7a1116fe74fee510b9dbe2ac8931036780d28c8c1bb0f64f04
                                                                              • Instruction Fuzzy Hash: 097118B1D00608AFDB21EFA5DC48E9FF7B9EF44384F10456AEA16E2250E730AA54DF10
                                                                              Function 02F72962 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 196networksleepCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F7298D
                                                                              • _memset.LIBCMT ref: 02F729A2
                                                                              • __snprintf.LIBCMT ref: 02F72A0E
                                                                              • _memset.LIBCMT ref: 02F72A1C
                                                                              • __snprintf.LIBCMT ref: 02F72A3A
                                                                              • __snprintf.LIBCMT ref: 02F72A59
                                                                              • __snprintf.LIBCMT ref: 02F72AF7
                                                                              • __snprintf.LIBCMT ref: 02F72B0E
                                                                              • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,02FA1540,02FAFFC4), ref: 02F72B4B
                                                                              • HttpSendRequestA.WININET(00000000,?,?,?,?), ref: 02F72B74
                                                                              • InternetCloseHandle.WININET(00000000), ref: 02F72B86
                                                                              • Sleep.KERNEL32(000001F4), ref: 02F72B8D
                                                                              • InternetCloseHandle.WININET(00000000), ref: 02F72B9E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf$_memset$CloseHandleHttpInternetRequest$OpenSendSleep
                                                                              • String ID: %s%s$*/*$/submit.php
                                                                              • API String ID: 3375730287-1319007374
                                                                              • Opcode ID: 41b7c8d65e53fb480689ccd24634ecded734cba1ea372170af58f85b311539fd
                                                                              • Instruction ID: f8d4e31653e80e41048d1ebe7b799d8c77d107a7d7abdf46703b4ec568e6b410
                                                                              • Opcode Fuzzy Hash: 41b7c8d65e53fb480689ccd24634ecded734cba1ea372170af58f85b311539fd
                                                                              • Instruction Fuzzy Hash: 0B61C2B2D0011DAFEB11ABA4DC44EEEBBBEFF05384F0405A6EB05B7111D7319A598B61
                                                                              Function 02F74870 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 184processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F7489E
                                                                              • _memset.LIBCMT ref: 02F748BA
                                                                                • Part of subcall function 02F731C8: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000400,02F74ACB,?,02F748E4,02F74ACB,?,00000400), ref: 02F731DE
                                                                                • Part of subcall function 02F731C8: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,02F74ACB,02F748E4,?,02F748E4,02F74ACB,?,00000400,?,?,?,?,02F74ACB), ref: 02F731F7
                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,02F74ACB,?,?,?,02F79320), ref: 02F74904
                                                                              • GetCurrentDirectoryW.KERNEL32(00000400,?,?,?,?,?,?,?,?,02F74ACB,?,?,?,02F79320), ref: 02F74913
                                                                              • CreateProcessWithTokenW.ADVAPI32(00000002,00000000,?,C0330CC4,00000000,?,C3E8296A,83FFFFDB), ref: 02F74946
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCharCurrentDirectoryMultiWide_memset$CreateProcessTokenWith
                                                                              • String ID: sysnative$system32
                                                                              • API String ID: 2486443368-2461298002
                                                                              • Opcode ID: 02a491de0640d75dca5edcef26fbb4cc3ea68eb6eb137a988cf801fc1cbf1947
                                                                              • Instruction ID: dd4941e0a6f3b1f728fe31731f3025add771710725eed3f48290398965cd1604
                                                                              • Opcode Fuzzy Hash: 02a491de0640d75dca5edcef26fbb4cc3ea68eb6eb137a988cf801fc1cbf1947
                                                                              • Instruction Fuzzy Hash: 6C51EA72A04349AFE721DF64DC84EA7B7FAEF84794F14082AE749C3250EB31D9148B56
                                                                              Function 02F779AC Relevance: 18.1, APIs: 12, Instructions: 94pipesleepfileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F779BB
                                                                              • GetTickCount.KERNEL32 ref: 02F779C5
                                                                              • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00100000,00000000), ref: 02F779DF
                                                                              • GetLastError.KERNEL32 ref: 02F779EC
                                                                              • WaitNamedPipeA.KERNEL32(?,00002710), ref: 02F77A01
                                                                              • Sleep.KERNEL32(000003E8), ref: 02F77A0E
                                                                              • GetTickCount.KERNEL32 ref: 02F77A14
                                                                              • GetLastError.KERNEL32 ref: 02F77A2A
                                                                              • GetLastError.KERNEL32 ref: 02F77A3A
                                                                              • SetNamedPipeHandleState.KERNEL32(?,?,00000000,00000000), ref: 02F77A58
                                                                              • GetLastError.KERNEL32 ref: 02F77A62
                                                                              • DisconnectNamedPipe.KERNEL32(?), ref: 02F77A9C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$CountNamedPipeTick$CreateDisconnectFileHandleSleepStateWait
                                                                              • String ID:
                                                                              • API String ID: 34948862-0
                                                                              • Opcode ID: 092ee15c1ec89ed77b85cb02e6e52e9d0863aa1580277295d0b29615996b9667
                                                                              • Instruction ID: 82ee91e32e5302bdc1a72e5e251156f97f74e4a34db88681b800ead1e44b0d8f
                                                                              • Opcode Fuzzy Hash: 092ee15c1ec89ed77b85cb02e6e52e9d0863aa1580277295d0b29615996b9667
                                                                              • Instruction Fuzzy Hash: F9219731F502096BF71177B4FC89F6DB669AB047E4F100823FB16E60E0EB6159914E61
                                                                              Function 02F7A4E3 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 157processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F7A504
                                                                                • Part of subcall function 02F716CB: _malloc.LIBCMT ref: 02F716D1
                                                                              • GetCurrentProcess.KERNEL32 ref: 02F7A54F
                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02F7A583
                                                                              • Process32First.KERNEL32(00000000,?), ref: 02F7A5A5
                                                                                • Part of subcall function 02F7171B: htonl.WS2_32(0000001F), ref: 02F71721
                                                                              • Process32Next.KERNEL32(00000000,00000128), ref: 02F7A688
                                                                                • Part of subcall function 02F7A477: OpenProcessToken.ADVAPI32(?,00000008,?), ref: 02F7A484
                                                                              • ProcessIdToSessionId.KERNEL32(?,?,00000002,00000000), ref: 02F7A629
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$Process32$CreateCurrentFirstNextOpenSessionSnapshotTokenToolhelp32_malloc_memsethtonl
                                                                              • String ID: %s%d%d%s%s%d$%s%d%d$x64$x86
                                                                              • API String ID: 3674674043-1833344708
                                                                              • Opcode ID: 74a813c2fa20aa5d0ba73446284cd74325765d855081478d27b7795b1e2b4f2e
                                                                              • Instruction ID: cf7000f54a32f4d6a99d8eff7136d2f74c02bd673f1cdc2c6a4126082a83d49b
                                                                              • Opcode Fuzzy Hash: 74a813c2fa20aa5d0ba73446284cd74325765d855081478d27b7795b1e2b4f2e
                                                                              • Instruction Fuzzy Hash: 6F515272D0021DAAEF11ABA0DC45EEFB7BDAF047D4F1500A7E708E2150EB349A958F61
                                                                              Function 02F78919 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 69networkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F7892A
                                                                              • select.WS2_32(00000000,00000000,?,?,00000000), ref: 02F78975
                                                                              • __WSAFDIsSet.WS2_32(?,?), ref: 02F78985
                                                                              • __WSAFDIsSet.WS2_32(?,?), ref: 02F78998
                                                                              • GetTickCount.KERNEL32 ref: 02F789A1
                                                                              • gethostbyname.WS2_32(?), ref: 02F789AC
                                                                              • htons.WS2_32(?), ref: 02F789BF
                                                                              • inet_addr.WS2_32(?), ref: 02F789CB
                                                                              • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 02F789E5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
                                                                              • String ID: d
                                                                              • API String ID: 1257931466-2564639436
                                                                              • Opcode ID: 267413ff60329baf4e877a7d0a40425254cfebb62035021615e37665737192f1
                                                                              • Instruction ID: 8ed2b03324dbbf1795e18148af19ca86f42ed485d0e4979bfe62dd93ac02735f
                                                                              • Opcode Fuzzy Hash: 267413ff60329baf4e877a7d0a40425254cfebb62035021615e37665737192f1
                                                                              • Instruction Fuzzy Hash: DD21807290020DABDF11DFA0EC49FEEBBB9EF08780F1001A6EA04E6151D771DA519F91
                                                                              Function 02F7E114 Relevance: 16.6, APIs: 11, Instructions: 122COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • htonl.WS2_32 ref: 02F7E13C
                                                                              • htonl.WS2_32(?), ref: 02F7E14C
                                                                              • GetLastError.KERNEL32 ref: 02F7E176
                                                                              • OpenProcessToken.ADVAPI32(00000000,00000000,00000008), ref: 02F7E19A
                                                                              • GetLastError.KERNEL32 ref: 02F7E1A4
                                                                              • ImpersonateLoggedOnUser.ADVAPI32(00000008), ref: 02F7E1C3
                                                                              • GetLastError.KERNEL32 ref: 02F7E1C9
                                                                              • DuplicateTokenEx.ADVAPI32(00000008,02000000,00000000,00000003,00000001,02FB08A4), ref: 02F7E1E8
                                                                              • GetLastError.KERNEL32 ref: 02F7E1F2
                                                                              • ImpersonateLoggedOnUser.ADVAPI32 ref: 02F7E204
                                                                              • GetLastError.KERNEL32 ref: 02F7E20A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$ImpersonateLoggedTokenUserhtonl$DuplicateOpenProcess
                                                                              • String ID:
                                                                              • API String ID: 332438066-0
                                                                              • Opcode ID: 8bdcfb9fac6b61cfe728967fb5fdc6f0f804f33e975df7183e6f97413362dbe3
                                                                              • Instruction ID: 6ca3342512c8881ef5a7af2256bcd4edd6fa491eeabdcbc837c35e39ee8424e9
                                                                              • Opcode Fuzzy Hash: 8bdcfb9fac6b61cfe728967fb5fdc6f0f804f33e975df7183e6f97413362dbe3
                                                                              • Instruction Fuzzy Hash: 5631B571E40209BBFB206BA0EC49FAA7BBEAF407D9F1444ABF705D5090DBB09554CE61
                                                                              Function 02F78853 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 59networksleepCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F78864
                                                                              • select.WS2_32(00000000,00000000,?,?,00000000), ref: 02F788B2
                                                                              • __WSAFDIsSet.WS2_32(?,?), ref: 02F788C2
                                                                              • __WSAFDIsSet.WS2_32(?,?), ref: 02F788D5
                                                                              • send.WS2_32(?,00000000,?,00000000), ref: 02F788E9
                                                                              • WSAGetLastError.WS2_32(?,00000000,?,00000000,?,?,?,?), ref: 02F788F3
                                                                              • Sleep.KERNEL32(000003E8), ref: 02F78905
                                                                              • GetTickCount.KERNEL32 ref: 02F7890B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$ErrorLastSleepselectsend
                                                                              • String ID: d
                                                                              • API String ID: 2152284305-2564639436
                                                                              • Opcode ID: 0a35f35d2ddc2f6329708bc9114f3c510af1b3235ee7d04bca545734282fa3f6
                                                                              • Instruction ID: 7561168052e069a1299dfce33e4cb4a1a8f1b87f52e47a8d3e6b2ed10be0f047
                                                                              • Opcode Fuzzy Hash: 0a35f35d2ddc2f6329708bc9114f3c510af1b3235ee7d04bca545734282fa3f6
                                                                              • Instruction Fuzzy Hash: FF119071D4020DABEB11DF64EC88BD9BBB9FB04784F1005A7E604D2090D7B09A919F90
                                                                              Function 02F73741 Relevance: 15.1, APIs: 10, Instructions: 103sleepfilepipeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F73757
                                                                              • GetLastError.KERNEL32 ref: 02F737B7
                                                                              • GetTickCount.KERNEL32 ref: 02F737C2
                                                                              • Sleep.KERNEL32(000003E8), ref: 02F737CD
                                                                              • GetLastError.KERNEL32 ref: 02F737D9
                                                                              • WriteFile.KERNEL32(?,?,00000004,?,00000000), ref: 02F7380B
                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 02F73836
                                                                              • FlushFileBuffers.KERNEL32(?), ref: 02F7384A
                                                                              • DisconnectNamedPipe.KERNEL32(?), ref: 02F73853
                                                                              • Sleep.KERNEL32(000003E8), ref: 02F73866
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$CountErrorLastSleepTickWrite$BuffersDisconnectFlushNamedPipe
                                                                              • String ID:
                                                                              • API String ID: 3101085627-0
                                                                              • Opcode ID: 5cc56c4ff60eb242d1f294d6400b28b2e4efdff26f8c1f9b822538d84fad38ca
                                                                              • Instruction ID: 8ace0d016788e790c22faafa6b5f683191bcf99b7eeeae52fa1bcdd5a2e1e485
                                                                              • Opcode Fuzzy Hash: 5cc56c4ff60eb242d1f294d6400b28b2e4efdff26f8c1f9b822538d84fad38ca
                                                                              • Instruction Fuzzy Hash: AC315E72D4010DBFEB01EBA4DC89EEEB779EB04784F1004A6E605E2150DB31AE95DFA1
                                                                              Function 02F75EEC Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 73COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F75EFC
                                                                              • _memset.LIBCMT ref: 02F75F08
                                                                                • Part of subcall function 02F76072: _malloc.LIBCMT ref: 02F760C4
                                                                                • Part of subcall function 02F76072: _malloc.LIBCMT ref: 02F760CF
                                                                                • Part of subcall function 02F76072: _memset.LIBCMT ref: 02F760DB
                                                                                • Part of subcall function 02F76072: _memset.LIBCMT ref: 02F760E6
                                                                                • Part of subcall function 02F76072: _rand.LIBCMT ref: 02F76144
                                                                              • __snprintf.LIBCMT ref: 02F75F59
                                                                              • __snprintf.LIBCMT ref: 02F75F71
                                                                              • _memset.LIBCMT ref: 02F75F90
                                                                              • _memset.LIBCMT ref: 02F75F9B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$__snprintf_malloc$_rand
                                                                              • String ID: %s&%s$?%s
                                                                              • API String ID: 1876596931-1750478248
                                                                              • Opcode ID: 85ac9aafe9fc540addf30e738ce335a5297ebccfb0a6d2ff96b4ad06f9f45b9b
                                                                              • Instruction ID: a9665cd12c69454e7ff7e85d2c6efccecef68810732af5b688a4516fe05e6de1
                                                                              • Opcode Fuzzy Hash: 85ac9aafe9fc540addf30e738ce335a5297ebccfb0a6d2ff96b4ad06f9f45b9b
                                                                              • Instruction Fuzzy Hash: 2821AE72900100BBEF15AF14CC81F9B7B6AEF81790F644085FE006B296E770FE21CAA5
                                                                              Function 02F7C35D Relevance: 13.8, APIs: 9, Instructions: 273COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781C2
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781D2
                                                                              • _memset.LIBCMT ref: 02F7C3CE
                                                                                • Part of subcall function 02F7C7BA: _memset.LIBCMT ref: 02F7C8B6
                                                                              • _malloc.LIBCMT ref: 02F7C3E1
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • _memset.LIBCMT ref: 02F7C3F3
                                                                                • Part of subcall function 02F7EA37: _malloc.LIBCMT ref: 02F7EA5E
                                                                                • Part of subcall function 02F7EA37: _memset.LIBCMT ref: 02F7EA8C
                                                                              • htonl.WS2_32(00000000), ref: 02F7C424
                                                                              • GetComputerNameExA.KERNEL32(00000006,?,?), ref: 02F7C495
                                                                              • GetComputerNameA.KERNEL32(?,?), ref: 02F7C4C6
                                                                              • GetUserNameA.ADVAPI32(?,?), ref: 02F7C4F7
                                                                                • Part of subcall function 02F72F1B: WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 02F72F3F
                                                                              • _malloc.LIBCMT ref: 02F7C5CF
                                                                              • _memset.LIBCMT ref: 02F7C661
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc_memset$Name$Computer$AllocateHeapSocketUserhtonl
                                                                              • String ID:
                                                                              • API String ID: 932012179-0
                                                                              • Opcode ID: 98e702e7ce14e33b551b96bd417f967c57c765879a0a66d3ff5059f783887ab6
                                                                              • Instruction ID: 69ed6aaa44822bff2e4277576ceb55854a46f3643f79b2e5a0e0b08993163ecd
                                                                              • Opcode Fuzzy Hash: 98e702e7ce14e33b551b96bd417f967c57c765879a0a66d3ff5059f783887ab6
                                                                              • Instruction Fuzzy Hash: C98126729483046AD720EB689C85F6FB7EEAF88BD0F11481FF78897180DB75C5458B62
                                                                              Function 02F78748 Relevance: 13.6, APIs: 9, Instructions: 101networkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • htonl.WS2_32 ref: 02F78767
                                                                              • htons.WS2_32(00000000), ref: 02F78778
                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 02F787B1
                                                                              • closesocket.WS2_32(00000000), ref: 02F787C0
                                                                              • gethostbyname.WS2_32(00000000), ref: 02F787DE
                                                                              • htons.WS2_32(?), ref: 02F7880A
                                                                              • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 02F7881D
                                                                              • connect.WS2_32(00000000,?,00000010), ref: 02F7882E
                                                                              • WSAGetLastError.WS2_32(00000000,?,00000010), ref: 02F78837
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: htons$ErrorLastclosesocketconnectgethostbynamehtonlioctlsocketsocket
                                                                              • String ID:
                                                                              • API String ID: 3339321253-0
                                                                              • Opcode ID: b5b8ba5989ba31768ef3f7c1a1a8369f054afea8b84ca9bb97e1acb8db5dcf0e
                                                                              • Instruction ID: 07c119ccdd2b3fa40ae7e123fab1b79b053e1f861cd1e85534119b714f4d2e1f
                                                                              • Opcode Fuzzy Hash: b5b8ba5989ba31768ef3f7c1a1a8369f054afea8b84ca9bb97e1acb8db5dcf0e
                                                                              • Instruction Fuzzy Hash: 4431C2B6D10218AAEB21BBE5DC88EAEB7ADEF043D4F040166FB45E7140E73499058B65
                                                                              Function 02F74B7A Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781C2
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781D2
                                                                              • _memset.LIBCMT ref: 02F74BDD
                                                                              • GetStartupInfoA.KERNEL32(?), ref: 02F74BF5
                                                                                • Part of subcall function 02F731C8: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000400,02F74ACB,?,02F748E4,02F74ACB,?,00000400), ref: 02F731DE
                                                                                • Part of subcall function 02F731C8: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,02F74ACB,02F748E4,?,02F748E4,02F74ACB,?,00000400,?,?,?,?,02F74ACB), ref: 02F731F7
                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 02F74C5A
                                                                              • GetCurrentDirectoryW.KERNEL32(00000400,?), ref: 02F74C64
                                                                              • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,?,02F732CF), ref: 02F74C8F
                                                                              • GetLastError.KERNEL32 ref: 02F74C9E
                                                                                • Part of subcall function 02F726E2: _vswprintf_s.LIBCMT ref: 02F726FE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCharCurrentDirectoryMultiWide_malloc$CreateErrorInfoLastLogonProcessStartupWith_memset_vswprintf_s
                                                                              • String ID: %s as %s\%s: %d
                                                                              • API String ID: 963358868-816037529
                                                                              • Opcode ID: f94c44d19bef36f30d44833dbb24841a624eeb09ab74591b106e7fb1ad34d809
                                                                              • Instruction ID: af3a28a1e540faa470f61259d9a11e52f6010b6bfc5e6408c03ef22003af14c6
                                                                              • Opcode Fuzzy Hash: f94c44d19bef36f30d44833dbb24841a624eeb09ab74591b106e7fb1ad34d809
                                                                              • Instruction Fuzzy Hash: 45412971D00208BBDF01AFA9DC48E9FBFBAEF59790F10401AF614A6160D7758A20DF65
                                                                              Function 02F7DF65 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F7DF89
                                                                              • _memset.LIBCMT ref: 02F7DF97
                                                                              • _memset.LIBCMT ref: 02F7DFA5
                                                                              • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,00001000,?), ref: 02F7DFC2
                                                                              • LookupAccountSidA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02F7DFF1
                                                                              • __snprintf.LIBCMT ref: 02F7E013
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$AccountInformationLookupToken__snprintf
                                                                              • String ID: %s\%s
                                                                              • API String ID: 2009363630-4073750446
                                                                              • Opcode ID: 66284608b660d97ab861d1c89ba1289384db883b0f87447775b81d2220f3bccc
                                                                              • Instruction ID: 3a1612684e02850817c3e95fbc3b3be19c8a5bae5dc81291b0e9248bbed53ad2
                                                                              • Opcode Fuzzy Hash: 66284608b660d97ab861d1c89ba1289384db883b0f87447775b81d2220f3bccc
                                                                              • Instruction Fuzzy Hash: BA21D0B294111DBAEF11DA94DC84EEF77BCFF04784F0448BAB615E2100E670AB848F65
                                                                              Function 032D1DA9 Relevance: 12.2, APIs: 8, Instructions: 196COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf$_memset
                                                                              • String ID:
                                                                              • API String ID: 444161222-0
                                                                              • Opcode ID: 2da3511d33a5d9c64791134d8e0135a70be9b0f43036398cb03b1249db1be582
                                                                              • Instruction ID: 74de070d12dbecc8aa1210b8d052816eaaee993a917e13b1b9a2b5c60bd72783
                                                                              • Opcode Fuzzy Hash: 2da3511d33a5d9c64791134d8e0135a70be9b0f43036398cb03b1249db1be582
                                                                              • Instruction Fuzzy Hash: 4961D472810269BFDB12EBA4CC84EFE77BDFF05200F4800A5F545EB161D775AA998B60
                                                                              Function 02F74112 Relevance: 12.1, APIs: 8, Instructions: 58pipethreadfileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F7412F
                                                                              • GetLastError.KERNEL32 ref: 02F74142
                                                                              • ConnectNamedPipe.KERNEL32(00000000), ref: 02F74156
                                                                              • ReadFile.KERNEL32(?,00000001,?,00000000), ref: 02F74170
                                                                              • ImpersonateNamedPipeClient.ADVAPI32 ref: 02F74180
                                                                              • GetCurrentThread.KERNEL32 ref: 02F74195
                                                                              • OpenThreadToken.ADVAPI32(00000000), ref: 02F7419C
                                                                              • DisconnectNamedPipe.KERNEL32(?), ref: 02F741B0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: NamedPipe$Thread$ClientConnectCurrentDisconnectErrorFileImpersonateLastOpenReadToken_memset
                                                                              • String ID:
                                                                              • API String ID: 3867162830-0
                                                                              • Opcode ID: 9f0ffba4973da5f64c377e58eb3dcb0aa1c36980d0839208b19044be3949592d
                                                                              • Instruction ID: 096d9f128573ba611420a17edf98132db32dd26e872d114dd6291e49916df8d1
                                                                              • Opcode Fuzzy Hash: 9f0ffba4973da5f64c377e58eb3dcb0aa1c36980d0839208b19044be3949592d
                                                                              • Instruction Fuzzy Hash: 6C112471E8010DABFB11EB64FD86E6ABB7DAB047CCF044865E701E1150D7708D949F60
                                                                              Function 02F8989C Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                              • String ID:
                                                                              • API String ID: 3886058894-0
                                                                              • Opcode ID: 73bb71f67bf0becb2f1dd24f7f3995b2945a0b1f834a48f7059707b9a443755c
                                                                              • Instruction ID: ac1929aec0df75a32dc77f810ecfb373ad579fc215a1bf6acade60d462869c45
                                                                              • Opcode Fuzzy Hash: 73bb71f67bf0becb2f1dd24f7f3995b2945a0b1f834a48f7059707b9a443755c
                                                                              • Instruction Fuzzy Hash: C551D731E00205EFCF20AF698C449BEFBB5EF813A4F148219EA2592390E7B09A51CF50
                                                                              Function 032E8CE3 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                              • String ID:
                                                                              • API String ID: 3886058894-0
                                                                              • Opcode ID: be45696a32e206cab89c2fccae979ac639060203ce16becbc01005babec9e347
                                                                              • Instruction ID: 6a5e153daef4350a9ea0bd7c2b9ea4965a056da1f9647dadb1ae12581359c89e
                                                                              • Opcode Fuzzy Hash: be45696a32e206cab89c2fccae979ac639060203ce16becbc01005babec9e347
                                                                              • Instruction Fuzzy Hash: 6C510732920205EFCB20CFB9C84659FBBB5EF51B20F9C8659F8A596190D77089D0CB91
                                                                              Function 02F76072 Relevance: 10.7, APIs: 7, Instructions: 184COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$_malloc$_rand
                                                                              • String ID:
                                                                              • API String ID: 2453798774-0
                                                                              • Opcode ID: ddbd3a025a0aec4532e33c5aeeeb488dbb3b77c694aae14c4e3775a50cde72ac
                                                                              • Instruction ID: 0356e5eff848c41ef866cf0869331260b39e624b079ef0c684f367d100d205e9
                                                                              • Opcode Fuzzy Hash: ddbd3a025a0aec4532e33c5aeeeb488dbb3b77c694aae14c4e3775a50cde72ac
                                                                              • Instruction Fuzzy Hash: CE511631E00609AFEF01AB78DC44BEEBBB9DF46380F14409AEA84E7251DB709A05CB54
                                                                              Function 032D54B9 Relevance: 10.7, APIs: 7, Instructions: 184COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$_malloc$_rand
                                                                              • String ID:
                                                                              • API String ID: 2453798774-0
                                                                              • Opcode ID: 75c1d89bc45a6c8dcb5618c688f5539780bfa6badbf1ba624bde91fa96b31e63
                                                                              • Instruction ID: 1d5a817fbc735332f7fe77a6f22ee1adfc72302ce520fdb2deb7780a1c2533b9
                                                                              • Opcode Fuzzy Hash: 75c1d89bc45a6c8dcb5618c688f5539780bfa6badbf1ba624bde91fa96b31e63
                                                                              • Instruction Fuzzy Hash: CE512635A10356BFDB02DF78CC55BFE7BB99F46200F284095E881AB250DBB08A85C790
                                                                              Function 02F74763 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateProcessWithLogonW.ADVAPI32(00000002,00000000,?,C0330CC4,00000000,02F74994,C3E8296A,83FFFFDB,7591E010,02F74ACB), ref: 02F74795
                                                                              • GetLastError.KERNEL32 ref: 02F747A7
                                                                              • _memset.LIBCMT ref: 02F747F0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateErrorLastLogonProcessWith_memset
                                                                              • String ID: sysnative$system32
                                                                              • API String ID: 2584212486-2461298002
                                                                              • Opcode ID: 4b0cd26b846844e4c9bebd29d7247e7af89ee28748500470df805df7c5263cd7
                                                                              • Instruction ID: 3c95c2374c711a558e9f3fecd6613d145ec818c5c24796d73dc6a09f457225d7
                                                                              • Opcode Fuzzy Hash: 4b0cd26b846844e4c9bebd29d7247e7af89ee28748500470df805df7c5263cd7
                                                                              • Instruction Fuzzy Hash: 2B315676D00188AFDB129B64EC48FA37BBAEF05380F084465FB99DB210EB31C614CB90
                                                                              Function 02F7E65A Relevance: 10.6, APIs: 7, Instructions: 81COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32 ref: 02F7E68B
                                                                              • OpenProcessToken.ADVAPI32(00000000,?,00000000), ref: 02F7E6A9
                                                                              • GetLastError.KERNEL32 ref: 02F7E6B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$OpenProcessToken
                                                                              • String ID:
                                                                              • API String ID: 2009710997-0
                                                                              • Opcode ID: 2c96d4d1600f9c6c083fed842aa98e21daf4c7b99acaa14d460c5129b4b4bc1c
                                                                              • Instruction ID: 369c9512d4586e2fd9809e092a52c36e7c5285def482f3c82ff12ad8b61f990c
                                                                              • Opcode Fuzzy Hash: 2c96d4d1600f9c6c083fed842aa98e21daf4c7b99acaa14d460c5129b4b4bc1c
                                                                              • Instruction Fuzzy Hash: 92215172E90219BBE7106BE0EC4DF6EB66DEF44BC9F240456BB01D5190E7749D108E61
                                                                              Function 02F75FB6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F75FC6
                                                                              • _memset.LIBCMT ref: 02F75FD2
                                                                                • Part of subcall function 02F76072: _malloc.LIBCMT ref: 02F760C4
                                                                                • Part of subcall function 02F76072: _malloc.LIBCMT ref: 02F760CF
                                                                                • Part of subcall function 02F76072: _memset.LIBCMT ref: 02F760DB
                                                                                • Part of subcall function 02F76072: _memset.LIBCMT ref: 02F760E6
                                                                                • Part of subcall function 02F76072: _rand.LIBCMT ref: 02F76144
                                                                              • __snprintf.LIBCMT ref: 02F7602E
                                                                              • _memset.LIBCMT ref: 02F7604C
                                                                              • _memset.LIBCMT ref: 02F76057
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$_malloc$__snprintf_rand
                                                                              • String ID: %s%s
                                                                              • API String ID: 4266533377-3438391663
                                                                              • Opcode ID: 678d35252baf5b2de343b89d8006df88b41a9d7e0644e36d84b7b25136329a69
                                                                              • Instruction ID: 9147c8badbbefcc47a8f46968763df97495ffa4aef81f463b7285d5cf8b9a15e
                                                                              • Opcode Fuzzy Hash: 678d35252baf5b2de343b89d8006df88b41a9d7e0644e36d84b7b25136329a69
                                                                              • Instruction Fuzzy Hash: 25210632900110BBDF25AF14CC45F9B3B7AEF86B90F244085EE00AB256E771EE11CAE5
                                                                              Function 02F77C49 Relevance: 10.6, APIs: 7, Instructions: 59COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F77C57
                                                                              • ioctlsocket.WS2_32(?,8004667E,?), ref: 02F77C7B
                                                                              • GetTickCount.KERNEL32 ref: 02F77CB2
                                                                              • ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 02F77CD7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTickioctlsocket
                                                                              • String ID:
                                                                              • API String ID: 3686034022-0
                                                                              • Opcode ID: c96da93580eee7e1f844fc0ae782f373759f6efb9796e885264c36356c596bbf
                                                                              • Instruction ID: d7a9e1e249e15802fb899f17ad5b2fd8b7e7f4d62dde23bc1e82cd13921ed90e
                                                                              • Opcode Fuzzy Hash: c96da93580eee7e1f844fc0ae782f373759f6efb9796e885264c36356c596bbf
                                                                              • Instruction Fuzzy Hash: 2211913196010CBBEB009FA1DC45BECF768EB043A9F008416F614E6190D7B49994CB61
                                                                              Function 02F7EC6F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F7EC76
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • _malloc.LIBCMT ref: 02F7EC83
                                                                              • _malloc.LIBCMT ref: 02F7EC9E
                                                                              • __snprintf.LIBCMT ref: 02F7ECB1
                                                                              • _malloc.LIBCMT ref: 02F7ECD0
                                                                              Strings
                                                                              • HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d, xrefs: 02F7ECA4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc$AllocateHeap__snprintf
                                                                              • String ID: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d
                                                                              • API String ID: 3929630252-2739389480
                                                                              • Opcode ID: ec5fef5e0e33c76ee52dcf4911f66bff2b9da5c09d4b1af65733db8b6750f136
                                                                              • Instruction ID: d86bb88c0c78db924fe327372c0a9817a5f32b285d8f00f23c7a7e9ea2fd21ac
                                                                              • Opcode Fuzzy Hash: ec5fef5e0e33c76ee52dcf4911f66bff2b9da5c09d4b1af65733db8b6750f136
                                                                              • Instruction Fuzzy Hash: 90016DB09003096FD710AF7ADC84A5AFBE9EF447D0B40882AF68DC7200DE74E5048B94
                                                                              Function 02F7460A Relevance: 9.1, APIs: 6, Instructions: 134COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 02F7A4B4: GetCurrentProcess.KERNEL32(?,02F7647C,?,02F764D4), ref: 02F7A4C0
                                                                              • GetLastError.KERNEL32(?,00000000,?,?), ref: 02F7465F
                                                                              • _malloc.LIBCMT ref: 02F746CA
                                                                              • _memset.LIBCMT ref: 02F746DB
                                                                              • _memset.LIBCMT ref: 02F7470C
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02F7473C
                                                                              • _memset.LIBCMT ref: 02F74751
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$ErrorLast$CurrentProcess_malloc
                                                                              • String ID:
                                                                              • API String ID: 2196066725-0
                                                                              • Opcode ID: c903304ed4ecb01eb1d1d0e335d6c9c826e5db6e3332346d5291a559831896d8
                                                                              • Instruction ID: 0d1492f0eb26f177eb3fc87f675bf8f5858e06d90a7872d407b7c5b225b60bd7
                                                                              • Opcode Fuzzy Hash: c903304ed4ecb01eb1d1d0e335d6c9c826e5db6e3332346d5291a559831896d8
                                                                              • Instruction Fuzzy Hash: 1641A2B6A00019BEEB00ABA8DC41EBEB7BEEF04784F140056FB14E5191EB719A51DF65
                                                                              Function 02F7273C Relevance: 9.1, APIs: 6, Instructions: 115networkCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • InternetOpenA.WININET(02F71572,00000003,00000000,00000000,00000000), ref: 02F727C2
                                                                              • InternetSetOptionA.WININET(00000005,0003A980,00000004), ref: 02F727E1
                                                                              • InternetSetOptionA.WININET(00000006,0003A980,00000004), ref: 02F727F1
                                                                              • InternetConnectA.WININET(?,?,00000000,00000000,00000003,00000000,02FAFFC4), ref: 02F72809
                                                                              • InternetSetOptionA.WININET(00000000,0000002B,00000000,00000000), ref: 02F7283A
                                                                              • InternetSetOptionA.WININET(0000002C,00000000,00000000), ref: 02F72856
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Internet$Option$ConnectOpen
                                                                              • String ID:
                                                                              • API String ID: 230958251-0
                                                                              • Opcode ID: f36582f855f859254553bd62b4587298869473b32e3a86f062a16f720b8524b4
                                                                              • Instruction ID: f8cd1507928e7cb544c87b18280932d90086b7df6c03b153bc3c566e9ac79ab4
                                                                              • Opcode Fuzzy Hash: f36582f855f859254553bd62b4587298869473b32e3a86f062a16f720b8524b4
                                                                              • Instruction Fuzzy Hash: 2E3198729C024C7AE6356B61ED0AF6B7F2DE791FD0F50051BFB01990D0DA768951CA60
                                                                              Function 02F7CB1C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __time64.LIBCMT ref: 02F7CB28
                                                                                • Part of subcall function 02F89E8E: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,02F7CB2D,00000000,00000080,?,?,?,02F713F0,?,00000000,00000000,00000000,00000000), ref: 02F89E99
                                                                                • Part of subcall function 02F89E8E: __aulldiv.LIBCMT ref: 02F89EB9
                                                                                • Part of subcall function 02F88C0A: __getptd.LIBCMT ref: 02F88C0F
                                                                              • _malloc.LIBCMT ref: 02F7CB71
                                                                              • _memset.LIBCMT ref: 02F7CB8F
                                                                              • _strtok.LIBCMT ref: 02F7CBB4
                                                                              • _strtok.LIBCMT ref: 02F7CBD7
                                                                              • _strtok.LIBCMT ref: 02F7CBE6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strtok$Time$FileSystem__aulldiv__getptd__time64_malloc_memset
                                                                              • String ID:
                                                                              • API String ID: 3072773955-0
                                                                              • Opcode ID: 7a6ec11951732095af93810ee716d5e7e6c86b56bf7ece3c6350cd0175e0655a
                                                                              • Instruction ID: 92300c932bca8b38bd97f47d3674f0ec212636d4dc050313e770686a4d018572
                                                                              • Opcode Fuzzy Hash: 7a6ec11951732095af93810ee716d5e7e6c86b56bf7ece3c6350cd0175e0655a
                                                                              • Instruction Fuzzy Hash: 7B21A6B15047055FD719EF3CDC85AB7BBE9EB05390B00456EEA9AC7240EB31E9058B61
                                                                              Function 032DBF63 Relevance: 9.1, APIs: 6, Instructions: 92COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strtok$__aulldiv__getptd__time64_malloc_memset
                                                                              • String ID:
                                                                              • API String ID: 512601900-0
                                                                              • Opcode ID: 48720511a30ea9561bc50dee288fc5aadba22df75b4c1b9df4666e77f59b8890
                                                                              • Instruction ID: 516f4149ba75dd4770aaa80759224c1f5dca55212260afdd3520c9a05c174139
                                                                              • Opcode Fuzzy Hash: 48720511a30ea9561bc50dee288fc5aadba22df75b4c1b9df4666e77f59b8890
                                                                              • Instruction Fuzzy Hash: BA21F3B51147016FD719DF38D886EB77BE8EB05314B40446EE89ACB240EB71E988CF21
                                                                              Function 02F794FD Relevance: 9.1, APIs: 6, Instructions: 91threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32 ref: 02F7951B
                                                                              • UpdateProcThreadAttribute.KERNEL32(?,00000000,00020000,?,00000004,00000000,00000000), ref: 02F79549
                                                                              • GetLastError.KERNEL32 ref: 02F79553
                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,?), ref: 02F79588
                                                                              • GetCurrentProcess.KERNEL32(00000000,?,?), ref: 02F795AA
                                                                              • GetCurrentProcess.KERNEL32(?,?,?), ref: 02F795C3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentProcess$ErrorLast$AttributeProcThreadUpdate
                                                                              • String ID:
                                                                              • API String ID: 1014270282-0
                                                                              • Opcode ID: b01bf8ea91c6d495ede05220c0ce221b1279acd0643ea17b67887d81c0df417b
                                                                              • Instruction ID: 4f2e7ff0048c8e9cffe141d07aa368ef47f0eaa2753eed371873ff9b342cd5d5
                                                                              • Opcode Fuzzy Hash: b01bf8ea91c6d495ede05220c0ce221b1279acd0643ea17b67887d81c0df417b
                                                                              • Instruction Fuzzy Hash: FA2147B2A04315BFEB14AFA4EC49D6B77ADEF09794F14081EFB06D7250D7B1E9108A60
                                                                              Function 032D5333 Relevance: 9.1, APIs: 6, Instructions: 73COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 032D5343
                                                                              • _memset.LIBCMT ref: 032D534F
                                                                                • Part of subcall function 032D54B9: _malloc.LIBCMT ref: 032D550B
                                                                                • Part of subcall function 032D54B9: _malloc.LIBCMT ref: 032D5516
                                                                                • Part of subcall function 032D54B9: _memset.LIBCMT ref: 032D5522
                                                                                • Part of subcall function 032D54B9: _memset.LIBCMT ref: 032D552D
                                                                                • Part of subcall function 032D54B9: _rand.LIBCMT ref: 032D558B
                                                                              • __snprintf.LIBCMT ref: 032D53A0
                                                                              • __snprintf.LIBCMT ref: 032D53B8
                                                                              • _memset.LIBCMT ref: 032D53D7
                                                                              • _memset.LIBCMT ref: 032D53E2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$__snprintf_malloc$_rand
                                                                              • String ID:
                                                                              • API String ID: 1876596931-0
                                                                              • Opcode ID: e9ed54a4a77dd13d35101f88d34e502c55548b4bb63c99b13df0d58da31436f4
                                                                              • Instruction ID: 13149c9e40705c27d34eea7932da8002326dd4f0f1c1721790f5cf5065da7c59
                                                                              • Opcode Fuzzy Hash: e9ed54a4a77dd13d35101f88d34e502c55548b4bb63c99b13df0d58da31436f4
                                                                              • Instruction Fuzzy Hash: CD218B75510240BBDF15EE05CC82F6B7B69EF92600FA54085FE006F296E7F1EDA1C6A1
                                                                              Function 02F771C8 Relevance: 9.1, APIs: 6, Instructions: 62pipefileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,02F772A9,02F737B2,00000000,?,02F737B2,?), ref: 02F771EC
                                                                              • WaitNamedPipeA.KERNEL32(02F737B2,00002710), ref: 02F77201
                                                                              • CreateFileA.KERNEL32(02F737B2,C0000000,00000000,00000000,00000003,00000000,00000000,759223A0,-0000EA60,?,?,?,02F772A9,02F737B2,00000000), ref: 02F77219
                                                                              • SetNamedPipeHandleState.KERNEL32(?,02F737B2,00000000,00000000,?,02F772A9,02F737B2,00000000,?,02F737B2,?), ref: 02F7722F
                                                                              • DisconnectNamedPipe.KERNEL32(?,?,02F772A9,02F737B2,00000000,?,02F737B2,?), ref: 02F7723B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: NamedPipe$CreateDisconnectErrorFileHandleLastStateWait
                                                                              • String ID:
                                                                              • API String ID: 927366879-0
                                                                              • Opcode ID: fcc250e3874a6e8f28760881bf2879254f2d37da99426172f2e90b43a37ed334
                                                                              • Instruction ID: 43c04af0855d06aa02f332b4142112afcc748c4ed14e8ba0aa80ab63c7d84897
                                                                              • Opcode Fuzzy Hash: fcc250e3874a6e8f28760881bf2879254f2d37da99426172f2e90b43a37ed334
                                                                              • Instruction Fuzzy Hash: A411C871A60114BFEB00AF24EC09F7BBAADFF45784F000966FA16D20A0E7B09D50CE20
                                                                              Function 02F73927 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • htonl.WS2_32(00000000), ref: 02F73982
                                                                              • htonl.WS2_32(?), ref: 02F7398D
                                                                              • _malloc.LIBCMT ref: 02F739A4
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • _memset.LIBCMT ref: 02F739FD
                                                                                • Part of subcall function 02F7C0FD: __snprintf.LIBCMT ref: 02F7C13C
                                                                                • Part of subcall function 02F7C0FD: __snprintf.LIBCMT ref: 02F7C14E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintfhtonl$AllocateHeap_malloc_memset
                                                                              • String ID: zyxwvutsrqponmlk
                                                                              • API String ID: 1734027086-3884694604
                                                                              • Opcode ID: 7ba74ab4ab5c6750e9d96df4ee2c703e6ccc2cd61846ddfb4e0da43051def6ed
                                                                              • Instruction ID: 3f6136a2c6a35176c12810342a2df05fa3307064da0eb8279d9c0761718084eb
                                                                              • Opcode Fuzzy Hash: 7ba74ab4ab5c6750e9d96df4ee2c703e6ccc2cd61846ddfb4e0da43051def6ed
                                                                              • Instruction Fuzzy Hash: 4D217F62E0020177E7103AB46C41B5F7BBADF457D0F1401BBFB05F72C2EA2489009BA0
                                                                              Function 02F7690F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 79libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,NtMapViewOfSection,00000000,?,00000000,02F765ED,00000000,00000000,00000000), ref: 02F7693C
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 02F76943
                                                                              • GetLastError.KERNEL32 ref: 02F769B6
                                                                                • Part of subcall function 02F7D9B2: GetCurrentProcess.KERNEL32(000F003F,00000000,00000000,?,00000000,00000001,00000000,D78B5955,00000000,?,?,02F71FCE,00000000,000F003F,?,00000000), ref: 02F7DA21
                                                                                • Part of subcall function 02F7DA6F: GetCurrentProcess.KERNEL32(00000080,?,02F71D9E,00000000,00000000,00000000,00000001,?,?,02F7DE6B,00000000,00000001,00000000,00000000,00000080,02F716C4), ref: 02F7DAAF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentProcess$AddressErrorHandleLastModuleProc
                                                                              • String ID: NtMapViewOfSection$ntdll.dll
                                                                              • API String ID: 1006775078-3170647572
                                                                              • Opcode ID: b338798eb7b08ded00bdad94f304257ccbc9c50539c676ece360355bb3e57a49
                                                                              • Instruction ID: d0746f13d9577a941fef9ba51508935d9d2244af86a1cb3d31541943d06da0ef
                                                                              • Opcode Fuzzy Hash: b338798eb7b08ded00bdad94f304257ccbc9c50539c676ece360355bb3e57a49
                                                                              • Instruction Fuzzy Hash: 4A11A272940218BFEB14ABF4AC48DAE7B7DEF44BE0F24041BF715D6181DA3089508FA0
                                                                              Function 02F797C6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf$_memset
                                                                              • String ID: %s&%s=%s$?%s=%s
                                                                              • API String ID: 444161222-3403399194
                                                                              • Opcode ID: 69fff8c83caced3a2ed4051e5ae500af3a844e320482f903838554e970e4b16b
                                                                              • Instruction ID: c61df420f99d3615be70fb4e17d8f3c702e7c2a6b47603230711eda8c25ee968
                                                                              • Opcode Fuzzy Hash: 69fff8c83caced3a2ed4051e5ae500af3a844e320482f903838554e970e4b16b
                                                                              • Instruction Fuzzy Hash: 3801FFB2504200BBEB01EF04CC80F577769EF85B80F85449AFB056B256E2B1EE11CB72
                                                                              Function 032DB7A4 Relevance: 7.8, APIs: 5, Instructions: 273COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 032D7603: _malloc.LIBCMT ref: 032D7609
                                                                                • Part of subcall function 032D7603: _malloc.LIBCMT ref: 032D7619
                                                                              • _memset.LIBCMT ref: 032DB815
                                                                                • Part of subcall function 032DBC01: _memset.LIBCMT ref: 032DBCFD
                                                                              • _malloc.LIBCMT ref: 032DB828
                                                                                • Part of subcall function 032E7C46: __FF_MSGBANNER.LIBCMT ref: 032E7C69
                                                                                • Part of subcall function 032E7C46: __NMSG_WRITE.LIBCMT ref: 032E7C70
                                                                              • _memset.LIBCMT ref: 032DB83A
                                                                                • Part of subcall function 032DDE7E: _malloc.LIBCMT ref: 032DDEA5
                                                                                • Part of subcall function 032DDE7E: _memset.LIBCMT ref: 032DDED3
                                                                              • _malloc.LIBCMT ref: 032DBA16
                                                                              • _memset.LIBCMT ref: 032DBAA8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc_memset
                                                                              • String ID:
                                                                              • API String ID: 4137368368-0
                                                                              • Opcode ID: f9c874aefb29a918ebe8d89783b013946a3c117d743d1f6f25c12c717f7541be
                                                                              • Instruction ID: d7bcaf4f637714f891bf9abf9bfb53d5e92bb200fd987c75b9cf6e41d955dd2c
                                                                              • Opcode Fuzzy Hash: f9c874aefb29a918ebe8d89783b013946a3c117d743d1f6f25c12c717f7541be
                                                                              • Instruction Fuzzy Hash: D8813C769283116BE720EF29DC95B6BB7E8EF88710F12481EF5849F180DAB4D5C08792
                                                                              Function 02F718D3 Relevance: 7.6, APIs: 5, Instructions: 75COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __vscwprintf_helper_malloc_memset_vswprintf_s_vwprintfhtonl
                                                                              • String ID:
                                                                              • API String ID: 3121112697-0
                                                                              • Opcode ID: cb5f096bf3fad2b11918b14d55575474077282c1f9ba5e56f200f138876ab51a
                                                                              • Instruction ID: c32c46a0d05b41a7d0eceb4fe3e3a8567ef6f0984e026367209543eb2f556095
                                                                              • Opcode Fuzzy Hash: cb5f096bf3fad2b11918b14d55575474077282c1f9ba5e56f200f138876ab51a
                                                                              • Instruction Fuzzy Hash: A9114DB6801618BFDB12AF94DC40EEF7BB9EF453D0F104466EA0596100EB319B45DEA5
                                                                              Function 032D53FD Relevance: 7.6, APIs: 5, Instructions: 72COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 032D540D
                                                                              • _memset.LIBCMT ref: 032D5419
                                                                                • Part of subcall function 032D54B9: _malloc.LIBCMT ref: 032D550B
                                                                                • Part of subcall function 032D54B9: _malloc.LIBCMT ref: 032D5516
                                                                                • Part of subcall function 032D54B9: _memset.LIBCMT ref: 032D5522
                                                                                • Part of subcall function 032D54B9: _memset.LIBCMT ref: 032D552D
                                                                                • Part of subcall function 032D54B9: _rand.LIBCMT ref: 032D558B
                                                                              • __snprintf.LIBCMT ref: 032D5475
                                                                              • _memset.LIBCMT ref: 032D5493
                                                                              • _memset.LIBCMT ref: 032D549E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$_malloc$__snprintf_rand
                                                                              • String ID:
                                                                              • API String ID: 4266533377-0
                                                                              • Opcode ID: 009c693c855a16ac8fd6041bb0bec3bef12f42173df92b8ba1fd06714240f90e
                                                                              • Instruction ID: ebfbbc1aeaac1df999f53a8ae6cfb294bed9aa97b85732046fbb8a918188895c
                                                                              • Opcode Fuzzy Hash: 009c693c855a16ac8fd6041bb0bec3bef12f42173df92b8ba1fd06714240f90e
                                                                              • Instruction Fuzzy Hash: 7E21C035910210BBCF15EE16CC46E9B7B69EF82300F654090ED006F255DBB1EDA1CAE2
                                                                              Function 02F78DB3 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F78DD8
                                                                              • GetTickCount.KERNEL32 ref: 02F78DF0
                                                                              • shutdown.WS2_32(00000000,00000002), ref: 02F78E0B
                                                                              • shutdown.WS2_32(00000000,00000002), ref: 02F78E18
                                                                              • closesocket.WS2_32(00000000), ref: 02F78E1D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTickshutdown$closesocket
                                                                              • String ID:
                                                                              • API String ID: 3414035747-0
                                                                              • Opcode ID: 737c019eb8e7a62d13fb09e679c3bee2770a286e280975e2b307ed7301c89539
                                                                              • Instruction ID: cc0068b610b8a94bb4ad3eb47b9b531cfe40e7b2c24bac1c30ae55ca38d66a2e
                                                                              • Opcode Fuzzy Hash: 737c019eb8e7a62d13fb09e679c3bee2770a286e280975e2b307ed7301c89539
                                                                              • Instruction Fuzzy Hash: 26110A32E00715CFDB31AF65E848A16B7E5BF447E9B144A1FEA9A93540D730E850DA90
                                                                              Function 02F90B1E Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 02F90B2A
                                                                                • Part of subcall function 02F8D797: __getptd_noexit.LIBCMT ref: 02F8D79A
                                                                                • Part of subcall function 02F8D797: __amsg_exit.LIBCMT ref: 02F8D7A7
                                                                              • __amsg_exit.LIBCMT ref: 02F90B4A
                                                                              • __lock.LIBCMT ref: 02F90B5A
                                                                              • InterlockedDecrement.KERNEL32(?), ref: 02F90B77
                                                                              • InterlockedIncrement.KERNEL32(03071668), ref: 02F90BA2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 4271482742-0
                                                                              • Opcode ID: 90e02de921e6cd45534ac902a1a199861ccdb1202d995cf63f03be9c565bb408
                                                                              • Instruction ID: f4f4c0f7cc1e9e4499e025924990d932e917e02a811702e7dcf3255807bbbdbf
                                                                              • Opcode Fuzzy Hash: 90e02de921e6cd45534ac902a1a199861ccdb1202d995cf63f03be9c565bb408
                                                                              • Instruction Fuzzy Hash: ED016972E42719EBEE21AF649844B5DF7A0BF007ECF50015AEA18E7280DB34A951CFD5
                                                                              Function 02F73615 Relevance: 7.5, APIs: 5, Instructions: 45networkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 02F73622
                                                                              • gethostbyname.WS2_32(?), ref: 02F73636
                                                                              • htons.WS2_32(?), ref: 02F7365F
                                                                              • connect.WS2_32(00000000,?,00000010), ref: 02F7366F
                                                                              • closesocket.WS2_32(00000000), ref: 02F73679
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: closesocketconnectgethostbynamehtonssocket
                                                                              • String ID:
                                                                              • API String ID: 530611402-0
                                                                              • Opcode ID: 9641cfb47082cf249cdf01a0311c87404ee51f5d4bd888ba294c073b903a0ca5
                                                                              • Instruction ID: 8c298b5fd836b39a5bb0c08b0257186f74149026598f917792199a0188384d79
                                                                              • Opcode Fuzzy Hash: 9641cfb47082cf249cdf01a0311c87404ee51f5d4bd888ba294c073b903a0ca5
                                                                              • Instruction Fuzzy Hash: 50F0F475A2021879EF1077A49C01FEEB3699F043A4F004296FF109A2D1E7B0D5009F99
                                                                              Function 032DE0B6 Relevance: 7.5, APIs: 5, Instructions: 45COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 032DE0BD
                                                                                • Part of subcall function 032E7C46: __FF_MSGBANNER.LIBCMT ref: 032E7C69
                                                                                • Part of subcall function 032E7C46: __NMSG_WRITE.LIBCMT ref: 032E7C70
                                                                              • _malloc.LIBCMT ref: 032DE0CA
                                                                              • _malloc.LIBCMT ref: 032DE0E5
                                                                              • __snprintf.LIBCMT ref: 032DE0F8
                                                                              • _malloc.LIBCMT ref: 032DE117
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc$__snprintf
                                                                              • String ID:
                                                                              • API String ID: 1839626857-0
                                                                              • Opcode ID: 60909d306269a7eecaa14b08a4ba8db20eb602b3f16b7d79ac9f69fbaa477fbb
                                                                              • Instruction ID: 4f754d69af68b08a9ccbbff256a154240362bce09bef19d85dcf62121f241075
                                                                              • Opcode Fuzzy Hash: 60909d306269a7eecaa14b08a4ba8db20eb602b3f16b7d79ac9f69fbaa477fbb
                                                                              • Instruction Fuzzy Hash: C30162B49003146ED724DF7DCC89D56BBFCDF44650B409429F489DB604E6B4D5848B90
                                                                              Function 02F88722 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __lock.LIBCMT ref: 02F88740
                                                                                • Part of subcall function 02F8A8AA: __mtinitlocknum.LIBCMT ref: 02F8A8C0
                                                                                • Part of subcall function 02F8A8AA: __amsg_exit.LIBCMT ref: 02F8A8CC
                                                                                • Part of subcall function 02F8A8AA: EnterCriticalSection.KERNEL32(00000000,00000000,?,02F8D842,0000000D,02FA3748,00000008,02F8D939,00000000,?,02F8A4DC,00000000,?,?,?,02F8A53F), ref: 02F8A8D4
                                                                              • ___sbh_find_block.LIBCMT ref: 02F8874B
                                                                              • ___sbh_free_block.LIBCMT ref: 02F8875A
                                                                              • HeapFree.KERNEL32(00000000,00000000,02FA35A0,0000000C,02F8D788,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C), ref: 02F8878A
                                                                              • GetLastError.KERNEL32(?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5,00000000,00000000,?,02F8D842,0000000D), ref: 02F8879B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                              • String ID:
                                                                              • API String ID: 2714421763-0
                                                                              • Opcode ID: f55a60942e003ece7649313a84d268525e2ed4f49f13b08aea7a8838f702d514
                                                                              • Instruction ID: 4286a9f617b95c7f1b962b0457d1fda99f1fd9cd3ab6861a6ba314ac519daa07
                                                                              • Opcode Fuzzy Hash: f55a60942e003ece7649313a84d268525e2ed4f49f13b08aea7a8838f702d514
                                                                              • Instruction Fuzzy Hash: AA01A271D4120EEAEF207BB0DC49B5EFAB5EF007E4F60021AE710A6180DB348590CF94
                                                                              Function 02F7795C Relevance: 7.5, APIs: 5, Instructions: 40sleeppipeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F77969
                                                                              • GetTickCount.KERNEL32 ref: 02F77970
                                                                              • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 02F77983
                                                                              • Sleep.KERNEL32(0000000A), ref: 02F77994
                                                                              • GetTickCount.KERNEL32 ref: 02F7799A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$NamedPeekPipeSleep
                                                                              • String ID:
                                                                              • API String ID: 1593283408-0
                                                                              • Opcode ID: c5f47141912bbd30ec80624654f93bf9fbfddf96730055ab6be02f6de943de32
                                                                              • Instruction ID: 215d6a0cc26d966ccafd4c0eaa7bb31eec4c54685bd7feb4f34e742d23effe48
                                                                              • Opcode Fuzzy Hash: c5f47141912bbd30ec80624654f93bf9fbfddf96730055ab6be02f6de943de32
                                                                              • Instruction Fuzzy Hash: A4F08272A6211CBFEB01ABB5EC81DAEF7ADEB485D87250837E601D2010E6709D418AA1
                                                                              Function 02F7C0FD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 140COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf$_strncmp
                                                                              • String ID: abcdefghijklmnop
                                                                              • API String ID: 3493850238-2486878355
                                                                              • Opcode ID: 798af351a32a73abcde59aaf2e97b8e74ca21d507bd7d12f778f2ea00b0982cf
                                                                              • Instruction ID: 4f0aa4d7af2f8ed9cf85078f8068e5e072292e95887d1e092dde03888eb407d5
                                                                              • Opcode Fuzzy Hash: 798af351a32a73abcde59aaf2e97b8e74ca21d507bd7d12f778f2ea00b0982cf
                                                                              • Instruction Fuzzy Hash: A3416472900509BEFB11EEF8DD509EFB3BA9B59384B100536EB05E7110EB71EE098A91
                                                                              Function 032EBDB2 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $2$l
                                                                              • API String ID: 0-3132104027
                                                                              • Opcode ID: eb474567eacfc3d501f5e1b6ebaa72d776817f12a42b620c1f05cf73adb88cac
                                                                              • Instruction ID: b5302fc091d2377bc966ada020186050016c7a43a4867718a344183e1c23c8e6
                                                                              • Opcode Fuzzy Hash: eb474567eacfc3d501f5e1b6ebaa72d776817f12a42b620c1f05cf73adb88cac
                                                                              • Instruction Fuzzy Hash: 9241F874C2826A9EEF38CE64C8CA3F9BBA1AB41315F8811D6C1596B195C7B44AC6CF41
                                                                              Function 02F721D8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(00000000,?,00000000,?), ref: 02F722C8
                                                                              • LoadLibraryA.KERNEL32(00000000,?,00000000,?), ref: 02F722D3
                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 02F722DB
                                                                                • Part of subcall function 02F726E2: _vswprintf_s.LIBCMT ref: 02F726FE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc_vswprintf_s
                                                                              • String ID: %s!%s
                                                                              • API String ID: 2092861438-2935588013
                                                                              • Opcode ID: 8afb314921add9fd0a285365a83d39cf5fc4b5fa924f6608151132414f267234
                                                                              • Instruction ID: 023331bbb09db2980a1fdf843f7998e44a69159e4ce52bb499e581e7d12bcb3f
                                                                              • Opcode Fuzzy Hash: 8afb314921add9fd0a285365a83d39cf5fc4b5fa924f6608151132414f267234
                                                                              • Instruction Fuzzy Hash: D941C873E040009BEF18DFA5D888E6A37A6EB947E0F65409BDF05AB281D770DD42CB55
                                                                              Function 032EB001 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $2$l
                                                                              • API String ID: 0-3132104027
                                                                              • Opcode ID: a08bc20fbbed711a2771cefccfc8b9c6e4fe8b13b47a8aeaf76eb1eac6ba00ff
                                                                              • Instruction ID: cfd4ee347cbb5d83144eff508e9c89f5556eb5d5913e844e3d3589b74092bf7b
                                                                              • Opcode Fuzzy Hash: a08bc20fbbed711a2771cefccfc8b9c6e4fe8b13b47a8aeaf76eb1eac6ba00ff
                                                                              • Instruction Fuzzy Hash: 8641C634C2D279CADF34CE24D89A3F8BBA5AB05319F9801D6C095AB255C7B49AC6CF40
                                                                              Function 02F7C130 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf$_strncmp
                                                                              • String ID: abcdefghijklmnop
                                                                              • API String ID: 3493850238-2486878355
                                                                              • Opcode ID: fe4e8ba4586560a2205bac78a76216e3122e81017d3bf93a5492f8a286e9e2be
                                                                              • Instruction ID: e5a87fe05b5413b3cf1d46d2eec7487ca648521f5d5df453d383175ebcb2c09b
                                                                              • Opcode Fuzzy Hash: fe4e8ba4586560a2205bac78a76216e3122e81017d3bf93a5492f8a286e9e2be
                                                                              • Instruction Fuzzy Hash: B831A8B290010E6FEB11EFA4DD909EF77AE9F553C47204566EA05E7104FB71EB098BA0
                                                                              Function 02F79977 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf$_memset
                                                                              • String ID: %s%s
                                                                              • API String ID: 444161222-3438391663
                                                                              • Opcode ID: bcba811c29b63c9ede1366c53a574bad106acdb391c70cd27bde83dff3fb3709
                                                                              • Instruction ID: ce4a8fdd79c16dd444330f88bee49123875159be11805172b225298c378bd48b
                                                                              • Opcode Fuzzy Hash: bcba811c29b63c9ede1366c53a574bad106acdb391c70cd27bde83dff3fb3709
                                                                              • Instruction Fuzzy Hash: 7D01D272504205ABDB01DF14CCA4F9777B5EF89780F44456AFB445B221D3B1E508CF52
                                                                              Function 02F7C9F8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F7CA03
                                                                              • GetCurrentProcess.KERNEL32(02F71A51), ref: 02F7CA1D
                                                                                • Part of subcall function 02F7C960: _memset.LIBCMT ref: 02F7C97A
                                                                                • Part of subcall function 02F7C960: __snprintf.LIBCMT ref: 02F7C9D9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$CurrentProcess__snprintf
                                                                              • String ID: system32$syswow64
                                                                              • API String ID: 3270679572-3098820961
                                                                              • Opcode ID: 6ea26fab742ed66cbdb248e6d6a5047291cc49911faf7993eaf58adf6841026b
                                                                              • Instruction ID: a08b9cba2b0a6b0f64a75c3192583a21e7c338c042a630ec8352acbfcc59f6db
                                                                              • Opcode Fuzzy Hash: 6ea26fab742ed66cbdb248e6d6a5047291cc49911faf7993eaf58adf6841026b
                                                                              • Instruction Fuzzy Hash: 08F0E271E843082FF704A750BC16F6A77A99F00BD4F14000BFB096A3C1FFA1A140895D
                                                                              Function 02F76BCF Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,RtlCreateUserThread,00000000,?,?,02F762F7,00000000,00000000,00000000,00000000,?,02F765ED,00000000,00000000,00000000), ref: 02F76BE5
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 02F76BEC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: RtlCreateUserThread$ntdll.dll
                                                                              • API String ID: 1646373207-2935400652
                                                                              • Opcode ID: 37f6105fe59a8d6991531dd801e6398621a526f61e5e78748a9523bb526e91f1
                                                                              • Instruction ID: c6e5d87391d6e0ab1a2cd69bd8566e62c7240da1815ce7558145b05f92e78fa0
                                                                              • Opcode Fuzzy Hash: 37f6105fe59a8d6991531dd801e6398621a526f61e5e78748a9523bb526e91f1
                                                                              • Instruction Fuzzy Hash: 6CF08CB2D41128BB9B15DFA0DC0989FBB28EA04690B048505B60692000D6708BA0DB90
                                                                              Function 02F767F1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(ntdll,NtQueueApcThread,?,02F763DD,00000000,00000000), ref: 02F767FE
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 02F76805
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: NtQueueApcThread$ntdll
                                                                              • API String ID: 1646373207-1374908105
                                                                              • Opcode ID: cc36b0c86fd18f71295d56381ca7d683a9b69023ab641b667f4d580289b1c918
                                                                              • Instruction ID: 8bb1fdb88ea4130ce0905d3fb1fffaea4e417fdcbc18ebb6e73a43227defc446
                                                                              • Opcode Fuzzy Hash: cc36b0c86fd18f71295d56381ca7d683a9b69023ab641b667f4d580289b1c918
                                                                              • Instruction Fuzzy Hash: 5CE092362806057BEF241EB4EC12B5A3B59AF00AE4F108429F619C5190EB21D0605E04
                                                                              Function 02F798E8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf_memset
                                                                              • String ID: %s&%s$?%s
                                                                              • API String ID: 2657849664-1750478248
                                                                              • Opcode ID: 57a9054f44ec5c5c77a5e09972c4d1c656d3441fd22c37f511a6eb945b07bab7
                                                                              • Instruction ID: c0a8e09ce7e4d216ad7ccedad720cc0a4ae0667359d15060c83e9d6ced7f7a9d
                                                                              • Opcode Fuzzy Hash: 57a9054f44ec5c5c77a5e09972c4d1c656d3441fd22c37f511a6eb945b07bab7
                                                                              • Instruction Fuzzy Hash: 12F0A0B2504304BFF710EE14CD81E6773ACEB85780F84481ABB0586101E370E901CF32
                                                                              Function 02F74354 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,02F780DF), ref: 02F74366
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 02F7436D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: IsWow64Process$kernel32
                                                                              • API String ID: 1646373207-3789238822
                                                                              • Opcode ID: 1056c18c5620c8382053147125f9855d29ee5f83816d0b6dad6d66252a459be6
                                                                              • Instruction ID: 66ffcf31b2de89bf4c9854663d4c5bd81dfa016fed9f7d0ebfae3c109052d4ba
                                                                              • Opcode Fuzzy Hash: 1056c18c5620c8382053147125f9855d29ee5f83816d0b6dad6d66252a459be6
                                                                              • Instruction Fuzzy Hash: DAE01D70A4020ABBFF04DBF5ED16B5EB7BCEB406CDF100554B506D1140DB75D710AA24
                                                                              Function 02F75475 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,?,02F73484,?,00000000,00000002), ref: 02F75482
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 02F75489
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: Wow64RevertWow64FsRedirection$kernel32
                                                                              • API String ID: 1646373207-3900151262
                                                                              • Opcode ID: bbeb6a31160e80ac6073964aadd82c0bba06a87266f209ce5d4671b7c6d11c8a
                                                                              • Instruction ID: 1bdeec8a26dd2b8963b28fe63273934801901b1ee3eac83c568ca0528bc11b82
                                                                              • Opcode Fuzzy Hash: bbeb6a31160e80ac6073964aadd82c0bba06a87266f209ce5d4671b7c6d11c8a
                                                                              • Instruction Fuzzy Hash: 7FC08CB0AC030C7BBF046FFAFD1A80A7B1CFA40ACAB444420BA0ED1200CF61D0608E64
                                                                              Function 02F75450 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32,Wow64DisableWow64FsRedirection,?,02F73465,?), ref: 02F7545D
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 02F75464
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32
                                                                              • API String ID: 1646373207-736604160
                                                                              • Opcode ID: 34c17b89a86888550b0c0e9a47768bdd3328340e31b55307f99f55ace1a0f931
                                                                              • Instruction ID: 82c10032273d1a3d08605d38788e1b536599723b7ef6f432e84fb8ab8fcb38c6
                                                                              • Opcode Fuzzy Hash: 34c17b89a86888550b0c0e9a47768bdd3328340e31b55307f99f55ace1a0f931
                                                                              • Instruction Fuzzy Hash: E0C08CB0AC030CBBFF046FF6FC1980A7B9CFA449CAB444821BA0ED1200CF61D1608E68
                                                                              Function 02F71DEA Relevance: 6.4, APIs: 4, Instructions: 389COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 02F78250: htonl.WS2_32(8902FB3A), ref: 02F78266
                                                                              • GetLastError.KERNEL32(?,00000000,00000080,?,?,02F7558E,02FA81B0,00000000), ref: 02F72036
                                                                                • Part of subcall function 02F7D9B2: GetCurrentProcess.KERNEL32(000F003F,00000000,00000000,?,00000000,00000001,00000000,D78B5955,00000000,?,?,02F71FCE,00000000,000F003F,?,00000000), ref: 02F7DA21
                                                                              • _memset.LIBCMT ref: 02F721A8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentErrorLastProcess_memsethtonl
                                                                              • String ID:
                                                                              • API String ID: 529797354-0
                                                                              • Opcode ID: e41081dca6ffe8503f3a95d4bf274db511f43a0bef4777c9a3db392c172ea9e5
                                                                              • Instruction ID: dad7ed9b9b36149cd9da0a9d76a685a2fb1d880734ef12b32185e4881fa6ba38
                                                                              • Opcode Fuzzy Hash: e41081dca6ffe8503f3a95d4bf274db511f43a0bef4777c9a3db392c172ea9e5
                                                                              • Instruction Fuzzy Hash: 8FC19EB2A107059FE720DF69DC80A57B3E5FB48384B08893EEA8AD6A40E775F455CF10
                                                                              Function 032D0880 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf$_malloc
                                                                              • String ID:
                                                                              • API String ID: 956503139-0
                                                                              • Opcode ID: 483c540d7d22be3df3323d6f5fd1c6cb0359ba87f80f17c0bbcadf42af1dd9ab
                                                                              • Instruction ID: 9f886a2d8a3525a467273b12ec6bdd41edda672de5f10b7a2d6dd5d753e8f398
                                                                              • Opcode Fuzzy Hash: 483c540d7d22be3df3323d6f5fd1c6cb0359ba87f80f17c0bbcadf42af1dd9ab
                                                                              • Instruction Fuzzy Hash: 2251293A938312AFE725FBB59C04B2E7795AF84760F184519F984AE1B0DFF1C8C48652
                                                                              Function 032D2086 Relevance: 6.2, APIs: 4, Instructions: 186COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 032D20C7
                                                                              • __snprintf.LIBCMT ref: 032D20EE
                                                                                • Part of subcall function 032D8A3D: _memset.LIBCMT ref: 032D8A5E
                                                                              • __snprintf.LIBCMT ref: 032D216A
                                                                                • Part of subcall function 032D5333: _memset.LIBCMT ref: 032D5343
                                                                                • Part of subcall function 032D5333: _memset.LIBCMT ref: 032D534F
                                                                                • Part of subcall function 032D5333: __snprintf.LIBCMT ref: 032D53A0
                                                                                • Part of subcall function 032D5333: _memset.LIBCMT ref: 032D53D7
                                                                                • Part of subcall function 032D5333: _memset.LIBCMT ref: 032D53E2
                                                                                • Part of subcall function 032D53FD: _memset.LIBCMT ref: 032D540D
                                                                                • Part of subcall function 032D53FD: _memset.LIBCMT ref: 032D5419
                                                                                • Part of subcall function 032D53FD: __snprintf.LIBCMT ref: 032D5475
                                                                                • Part of subcall function 032D53FD: _memset.LIBCMT ref: 032D5493
                                                                                • Part of subcall function 032D53FD: _memset.LIBCMT ref: 032D549E
                                                                              • __snprintf.LIBCMT ref: 032D2181
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$__snprintf
                                                                              • String ID:
                                                                              • API String ID: 1922369481-0
                                                                              • Opcode ID: ead7a9399f8d34496f40cd949b27a9a8331296bddb999b6bbc598e89ded7c35d
                                                                              • Instruction ID: fa1f7196b631e460ea2118293f0d8388dbff074dff13ff9c7e4b9776199c53e9
                                                                              • Opcode Fuzzy Hash: ead7a9399f8d34496f40cd949b27a9a8331296bddb999b6bbc598e89ded7c35d
                                                                              • Instruction Fuzzy Hash: CD519D72910219FFDF02EFA8CC84EEEBBBCEB04710F148465F614AB160DB7199958B60
                                                                              Function 02F74CCD Relevance: 6.1, APIs: 4, Instructions: 143COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781C2
                                                                                • Part of subcall function 02F781BC: _malloc.LIBCMT ref: 02F781D2
                                                                                • Part of subcall function 02F89218: __fsopen.LIBCMT ref: 02F89225
                                                                              • _fseek.LIBCMT ref: 02F74D43
                                                                                • Part of subcall function 02F89852: __lock_file.LIBCMT ref: 02F89861
                                                                                • Part of subcall function 02F89852: __ftelli64_nolock.LIBCMT ref: 02F8986E
                                                                              • _fseek.LIBCMT ref: 02F74D5C
                                                                                • Part of subcall function 02F89BE3: __lock_file.LIBCMT ref: 02F89C2E
                                                                                • Part of subcall function 02F89BE3: __fseek_nolock.LIBCMT ref: 02F89C3E
                                                                              • GetFullPathNameA.KERNEL32(?,00000800,?,00000000), ref: 02F74D89
                                                                              • _malloc.LIBCMT ref: 02F74DA3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc$__lock_file_fseek$FullNamePath__fseek_nolock__fsopen__ftelli64_nolock
                                                                              • String ID:
                                                                              • API String ID: 73014519-0
                                                                              • Opcode ID: a3614e85adf5a499fe0881b3db8b53ee96d7c8fb3a52e33a4acc377b241d684a
                                                                              • Instruction ID: 64f08940f61ec1c80e1b20510c1c9dac56844ebae1c12f16aa10a38d8800be84
                                                                              • Opcode Fuzzy Hash: a3614e85adf5a499fe0881b3db8b53ee96d7c8fb3a52e33a4acc377b241d684a
                                                                              • Instruction Fuzzy Hash: BE41D972D00208AECF11BBA4CC45E9FBBBDAF447D4F10052BE715B2290E6759654DF50
                                                                              Function 02F73F99 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a356fb3cdd8815854749f5cb6ee70332676c89a87d8fc2de836a872af17ebe23
                                                                              • Instruction ID: 650902b0ce30a1a3768481f52132a1412e08c7ba9f235b31567b725d90c169d7
                                                                              • Opcode Fuzzy Hash: a356fb3cdd8815854749f5cb6ee70332676c89a87d8fc2de836a872af17ebe23
                                                                              • Instruction Fuzzy Hash: 8B415C72C00109BFDF02FBE4DC459EEBBBAEF44394F144027EA14A2151EB359A55AF91
                                                                              Function 02F8922F Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __flush.LIBCMT ref: 02F892F3
                                                                              • __fileno.LIBCMT ref: 02F89313
                                                                              • __locking.LIBCMT ref: 02F8931A
                                                                              • __flsbuf.LIBCMT ref: 02F89345
                                                                                • Part of subcall function 02F8A641: __getptd_noexit.LIBCMT ref: 02F8A641
                                                                                • Part of subcall function 02F8C5DA: __decode_pointer.LIBCMT ref: 02F8C5E5
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                              • String ID:
                                                                              • API String ID: 3240763771-0
                                                                              • Opcode ID: 7c79131283371263545e08592007faf8ffdbe7994527277def79b473de4b7229
                                                                              • Instruction ID: 9df70e538f44206293c1dfe45dced6dd67458ee9d7faea280196426adb321c1e
                                                                              • Opcode Fuzzy Hash: 7c79131283371263545e08592007faf8ffdbe7994527277def79b473de4b7229
                                                                              • Instruction Fuzzy Hash: 3D41C531E00705DFDB25BFA9C8845BEF7BAAF803A4F248229D62597780D7B0DA40CB41
                                                                              Function 032E8676 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __flush.LIBCMT ref: 032E873A
                                                                              • __fileno.LIBCMT ref: 032E875A
                                                                              • __locking.LIBCMT ref: 032E8761
                                                                              • __flsbuf.LIBCMT ref: 032E878C
                                                                                • Part of subcall function 032E9A88: __getptd_noexit.LIBCMT ref: 032E9A88
                                                                                • Part of subcall function 032EBA21: __decode_pointer.LIBCMT ref: 032EBA2C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                              • String ID:
                                                                              • API String ID: 3240763771-0
                                                                              • Opcode ID: 3189c63b6d36f3e16b198eb67bbe20aa43ae525252bc8d927bd72644fdbbceb2
                                                                              • Instruction ID: d25061be788c667827ff607d9d80838ed615151d6bed9a05f77d272a617b0a68
                                                                              • Opcode Fuzzy Hash: 3189c63b6d36f3e16b198eb67bbe20aa43ae525252bc8d927bd72644fdbbceb2
                                                                              • Instruction Fuzzy Hash: 3841E539A20719AFDF24CF69894259FFBB6EF80B20F688568D49597140E7B0DAC0DB40
                                                                              Function 032D3A51 Relevance: 6.1, APIs: 4, Instructions: 134COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$_malloc
                                                                              • String ID:
                                                                              • API String ID: 3506388080-0
                                                                              • Opcode ID: 770c856bb4aa5c1c11978b410251f8b80e64471e7cbbdc9d56cead455593d3bc
                                                                              • Instruction ID: f71d5bc1e54d1a3ac7e95525dec4245bb5db4fb238d696eed127dfc90348470c
                                                                              • Opcode Fuzzy Hash: 770c856bb4aa5c1c11978b410251f8b80e64471e7cbbdc9d56cead455593d3bc
                                                                              • Instruction Fuzzy Hash: DD41B8BAA10219BEEB00EBA8DC41EBE737DDF04640F140055FB04E9191FBB19AD1D762
                                                                              Function 02F7CC6F Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __time64.LIBCMT ref: 02F7CC7B
                                                                                • Part of subcall function 02F89E8E: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,02F7CB2D,00000000,00000080,?,?,?,02F713F0,?,00000000,00000000,00000000,00000000), ref: 02F89E99
                                                                                • Part of subcall function 02F89E8E: __aulldiv.LIBCMT ref: 02F89EB9
                                                                              • __time64.LIBCMT ref: 02F7CC96
                                                                              • __time64.LIBCMT ref: 02F7CD26
                                                                              • __time64.LIBCMT ref: 02F7CD8A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __time64$Time$FileSystem__aulldiv
                                                                              • String ID:
                                                                              • API String ID: 4218076520-0
                                                                              • Opcode ID: 528547ff6b0bc04b7baeb3eeda3fa8b453c2fa4ae196125f872e3160d77c21ab
                                                                              • Instruction ID: 9ce260bcf1fdc9e09038575c27b8989f1316f0bae2c6bcf6b27829095d28d63a
                                                                              • Opcode Fuzzy Hash: 528547ff6b0bc04b7baeb3eeda3fa8b453c2fa4ae196125f872e3160d77c21ab
                                                                              • Instruction Fuzzy Hash: F24144B9D80208CFC725CF68E5C1826FBE5FB853D4B108B2FD22A86654D77195A0DE90
                                                                              Function 032DC0B6 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __time64$__aulldiv
                                                                              • String ID:
                                                                              • API String ID: 2203630334-0
                                                                              • Opcode ID: 4bdce021f664fb6a8a2a07c26b2a73003d50b7fd43c405f525bd81e189684942
                                                                              • Instruction ID: 1f0c0bad8d87217fc666fee2bd051eed4b67191d9eb364d3df4796b6f7d7e049
                                                                              • Opcode Fuzzy Hash: 4bdce021f664fb6a8a2a07c26b2a73003d50b7fd43c405f525bd81e189684942
                                                                              • Instruction Fuzzy Hash: 99414CB5920731CFE71ADF68CEC2926B7F5FB86710764812EE49ACA261D7B09480DF50
                                                                              Function 02F77303 Relevance: 6.1, APIs: 4, Instructions: 106sleepCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F7731D
                                                                              • _memset.LIBCMT ref: 02F77335
                                                                                • Part of subcall function 02F78293: htons.WS2_32(?), ref: 02F782AB
                                                                                • Part of subcall function 02F77260: GetLastError.KERNEL32(-0000EA60,00000000,?,02F737B2,?), ref: 02F7727A
                                                                              • Sleep.KERNEL32(000001F4), ref: 02F773C8
                                                                              • GetLastError.KERNEL32 ref: 02F773D4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast_memset$Sleephtons
                                                                              • String ID:
                                                                              • API String ID: 2264653377-0
                                                                              • Opcode ID: 1f59ab9cf9d419e5583f61ffee1d68fe5ef47d38378f2709135dcd9930dc4986
                                                                              • Instruction ID: dbb30378cd8915c3d69665303e8cfb5fe4fd6abd9e581ec4c01cde614461ebb7
                                                                              • Opcode Fuzzy Hash: 1f59ab9cf9d419e5583f61ffee1d68fe5ef47d38378f2709135dcd9930dc4986
                                                                              • Instruction Fuzzy Hash: 6B317072D4421D6EEF11AAE4DC85EEEB7BDEF04394F00006BE714A6190EA759A188F60
                                                                              Function 02F938D8 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02F9390C
                                                                              • __isleadbyte_l.LIBCMT ref: 02F93940
                                                                              • MultiByteToWideChar.KERNEL32(488D10C4,00000009,00000000,53DC458D,02FA15C0,00000000,?,?,?,02F7C08B,00000000,02FA15C0,00000000), ref: 02F93971
                                                                              • MultiByteToWideChar.KERNEL32(488D10C4,00000009,00000000,00000001,02FA15C0,00000000,?,?,?,02F7C08B,00000000,02FA15C0,00000000), ref: 02F939DF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                              • String ID:
                                                                              • API String ID: 3058430110-0
                                                                              • Opcode ID: d10b2e1f8fc5a2b0e6913c8ff7dc886a9fa109474402f71119a2b5ce19d02395
                                                                              • Instruction ID: 2db7bb5be01eb0ff01143d0ba490d76541e0562acfa2e110ca8f861fd71770b8
                                                                              • Opcode Fuzzy Hash: d10b2e1f8fc5a2b0e6913c8ff7dc886a9fa109474402f71119a2b5ce19d02395
                                                                              • Instruction Fuzzy Hash: 2A31A231E0424AEFEF10DF64C8A5BAE7BA6BF01394F1445A9EAA59B191D330D940CF51
                                                                              Function 02F75A6B Relevance: 6.1, APIs: 4, Instructions: 100sleeppipeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateInfoPipeSleepStartup_memset
                                                                              • String ID:
                                                                              • API String ID: 112726305-0
                                                                              • Opcode ID: 1ca077dfa12fc4ae63ddc0e8eae05e45ab61492f5a9f40a4274a4aaf3c9d5d31
                                                                              • Instruction ID: 962ec852e042bb6d686b29b7da9b5d37ef4378514910676917ca87fd98284660
                                                                              • Opcode Fuzzy Hash: 1ca077dfa12fc4ae63ddc0e8eae05e45ab61492f5a9f40a4274a4aaf3c9d5d31
                                                                              • Instruction Fuzzy Hash: AF31F77280010DABDF01DFA8DD45AEEBBBAFF08354F104166FA14A6160EB729A55CF91
                                                                              Function 02F76C20 Relevance: 6.1, APIs: 4, Instructions: 96COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F76C39
                                                                              • GetVersionExA.KERNEL32(?,?,?,00000000), ref: 02F76C52
                                                                              • SetLastError.KERNEL32(00000005,?,?,00000000), ref: 02F76C77
                                                                                • Part of subcall function 02F7D320: GetCurrentProcess.KERNEL32(000001B0,?,?,?,?,02F72023,00000000,000001B0,?,00000000,00000080,?,?,02F7558E,02FA81B0,00000000), ref: 02F7D369
                                                                                • Part of subcall function 02F7D320: VirtualAlloc.KERNEL32(00000000,02F72023,00003000,00000000,000001B0,?,?,?,?,02F72023,00000000,000001B0,?,00000000,00000080), ref: 02F7D3CA
                                                                              • SetLastError.KERNEL32(00000006,?,?,00000000), ref: 02F76CF4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$AllocCurrentProcessVersionVirtual_memset
                                                                              • String ID:
                                                                              • API String ID: 3952774693-0
                                                                              • Opcode ID: d91039101bf5db5ceda60ae7dc773e345dc083e714b640ccdcb0a4d4682fbfa8
                                                                              • Instruction ID: d330c5c7b70dd92568f5d2d03986948eab570c2e54a4aa262b8f8d08b1ca3766
                                                                              • Opcode Fuzzy Hash: d91039101bf5db5ceda60ae7dc773e345dc083e714b640ccdcb0a4d4682fbfa8
                                                                              • Instruction Fuzzy Hash: EF21E673E00614AFDB209F74AC45B8B77ACEF047E5F55046AEB0DEB181DB7099458B90
                                                                              Function 032D9B55 Relevance: 6.1, APIs: 4, Instructions: 84COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 032D9B62
                                                                                • Part of subcall function 032E7C46: __FF_MSGBANNER.LIBCMT ref: 032E7C69
                                                                                • Part of subcall function 032E7C46: __NMSG_WRITE.LIBCMT ref: 032E7C70
                                                                              • __snprintf.LIBCMT ref: 032D9B73
                                                                                • Part of subcall function 032E7B69: __lock.LIBCMT ref: 032E7B87
                                                                                • Part of subcall function 032E7B69: ___sbh_find_block.LIBCMT ref: 032E7B92
                                                                                • Part of subcall function 032E7B69: ___sbh_free_block.LIBCMT ref: 032E7BA1
                                                                              • _malloc.LIBCMT ref: 032D9BBF
                                                                              • __snprintf.LIBCMT ref: 032D9BD4
                                                                                • Part of subcall function 032D9B18: _malloc.LIBCMT ref: 032D9B23
                                                                                • Part of subcall function 032D9B18: __snprintf.LIBCMT ref: 032D9B37
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf_malloc$___sbh_find_block___sbh_free_block__lock
                                                                              • String ID:
                                                                              • API String ID: 2461076633-0
                                                                              • Opcode ID: f3bb46f63916d42a36ce6405dad70234746f5f5e2b3cbe09fd92735812a3d326
                                                                              • Instruction ID: b5fcb4bc310a082e91623a9be72385ee815fc24f7290e31798987be78427db8a
                                                                              • Opcode Fuzzy Hash: f3bb46f63916d42a36ce6405dad70234746f5f5e2b3cbe09fd92735812a3d326
                                                                              • Instruction Fuzzy Hash: 9D21D036410208BBDF11DF658C85EAF3B7DEF45262F188028F8156A151EBB189919BA0
                                                                              Function 02F77017 Relevance: 6.1, APIs: 4, Instructions: 81synchronizationCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F77033
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • htonl.WS2_32(?), ref: 02F77048
                                                                                • Part of subcall function 02F77162: PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000080), ref: 02F77183
                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000,00000000,00000000,00000080), ref: 02F770AF
                                                                              • _memset.LIBCMT ref: 02F770E0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateHeapNamedObjectPeekPipeSingleWait_malloc_memsethtonl
                                                                              • String ID:
                                                                              • API String ID: 2241902265-0
                                                                              • Opcode ID: 13a67c04113f59248cffca468ad09cbdf840d5627f8dd382573b836afc50dea9
                                                                              • Instruction ID: 41292593b05da85b6cda0567414f16abe8c53102772312ed107c428cf8f300f6
                                                                              • Opcode Fuzzy Hash: 13a67c04113f59248cffca468ad09cbdf840d5627f8dd382573b836afc50dea9
                                                                              • Instruction Fuzzy Hash: 1521C471D10204E7DF20BFA88C80AAAF7B9EF04BD4F51416AEE44A7141E77089458B65
                                                                              Function 02F732EC Relevance: 6.1, APIs: 4, Instructions: 76synchronizationpipeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 02F732FF
                                                                              • CreatePipe.KERNEL32(?,?,?,00100000), ref: 02F73335
                                                                              • GetStartupInfoA.KERNEL32(?), ref: 02F7333F
                                                                              • WaitForSingleObject.KERNEL32(?,00002710), ref: 02F73383
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateInfoObjectPipeSingleStartupWait_memset
                                                                              • String ID:
                                                                              • API String ID: 468459245-0
                                                                              • Opcode ID: fa12dad36069e9ad88bef37dbd518bc8c27529cf54a75182a64e27ac04fb81c5
                                                                              • Instruction ID: a4fb66889d02e699bc02a3edaae973f0a27eb1dba6cb186dac8a366caddf37a3
                                                                              • Opcode Fuzzy Hash: fa12dad36069e9ad88bef37dbd518bc8c27529cf54a75182a64e27ac04fb81c5
                                                                              • Instruction Fuzzy Hash: 28212572C0051CFAEF10DFA8DD45ADEBBB9FF48354F100166EA04E6250E7B19A558BA1
                                                                              Function 032D0D1A Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __vscwprintf_helper_malloc_memset_vswprintf_s_vwprintf
                                                                              • String ID:
                                                                              • API String ID: 2856252058-0
                                                                              • Opcode ID: eccc273c426231604760ca4403401cd5331d21854103d622b5c33626475fdbcf
                                                                              • Instruction ID: 6e72a2022311d7a384e0a9c37d46537875afc2885a3f9d9cd5b85ec4e1afd338
                                                                              • Opcode Fuzzy Hash: eccc273c426231604760ca4403401cd5331d21854103d622b5c33626475fdbcf
                                                                              • Instruction Fuzzy Hash: 9111D2BA810718BFDF12EF94DC81DEE7B6CEF45210F104026FA009A154E7709B80CBA1
                                                                              Function 02F7113A Relevance: 6.1, APIs: 4, Instructions: 71COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F7114F
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                                • Part of subcall function 02F7540D: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000,00002000,?,02F710EF,00000000,?,00002000,?,00002000,?,?,?,00000000), ref: 02F7541F
                                                                              • _memset.LIBCMT ref: 02F711A4
                                                                              • _memset.LIBCMT ref: 02F711B3
                                                                              • _memset.LIBCMT ref: 02F711CA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$AllocateEnvironmentExpandHeapStrings_malloc
                                                                              • String ID:
                                                                              • API String ID: 2041733451-0
                                                                              • Opcode ID: 5e5f5dc4363b48b600acd5cb732dc45f72f358c6decd22cf3edd9bcaa435d8a4
                                                                              • Instruction ID: bf3985e06c3a20cc137eb2a029a2234ec3ea4a903db77faa69e159274950d154
                                                                              • Opcode Fuzzy Hash: 5e5f5dc4363b48b600acd5cb732dc45f72f358c6decd22cf3edd9bcaa435d8a4
                                                                              • Instruction Fuzzy Hash: 2B110B71A001457AEB10AB348C80BB7BB7FDF463D4F500155E65D9B242E7629A09C7A4
                                                                              Function 032D0581 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 032D0596
                                                                                • Part of subcall function 032E7C46: __FF_MSGBANNER.LIBCMT ref: 032E7C69
                                                                                • Part of subcall function 032E7C46: __NMSG_WRITE.LIBCMT ref: 032E7C70
                                                                              • _memset.LIBCMT ref: 032D05EB
                                                                              • _memset.LIBCMT ref: 032D05FA
                                                                              • _memset.LIBCMT ref: 032D0611
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$_malloc
                                                                              • String ID:
                                                                              • API String ID: 3506388080-0
                                                                              • Opcode ID: cf7bc87be9f6fe12c1cc26451aee5a38676cef1de39d46c13cf468d69783dccd
                                                                              • Instruction ID: 13dfbf0e1b211029c7dbdf105cd290d4d000e34fd5349b7ec429f170ba0b045f
                                                                              • Opcode Fuzzy Hash: cf7bc87be9f6fe12c1cc26451aee5a38676cef1de39d46c13cf468d69783dccd
                                                                              • Instruction Fuzzy Hash: 73115EB5520242BADB11DB758C81FB67B6DEF43150F9440A4E989E7152E7629944C3B0
                                                                              Function 032DD3AC Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$__snprintf
                                                                              • String ID:
                                                                              • API String ID: 1922369481-0
                                                                              • Opcode ID: 0b77754e00971b816becf871862b002416d1944a8936460023697811a4b03b18
                                                                              • Instruction ID: 60e84a33f2b3630653bbc91bec350ffaeb90dd8bc07919f692f4e25e597dc48f
                                                                              • Opcode Fuzzy Hash: 0b77754e00971b816becf871862b002416d1944a8936460023697811a4b03b18
                                                                              • Instruction Fuzzy Hash: 1D21DDB291025DBADB11DB90DC85EEBB7BCEF04744F4544BAB616E6100E6B49BC48BA0
                                                                              Function 02F7C8C3 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              • Opcode ID: a3ecf0f97620c1f29b921e8d6af35b801fc979892f1a1c75d30355375d336fb9
                                                                              • Instruction ID: d9ef6b7b3b920a3c2cbd6a6b4bd9e00b085b2047770466770c94ff463f6b91ed
                                                                              • Opcode Fuzzy Hash: a3ecf0f97620c1f29b921e8d6af35b801fc979892f1a1c75d30355375d336fb9
                                                                              • Instruction Fuzzy Hash: 9701A171981209BBDF516A799C84EAF7EAEEF493E4F04442BF70886101EB35C650DBB1
                                                                              Function 032DBD0A Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              • Opcode ID: 372f1fdea8833eaf01995195b0d1b2ba8c5a0e4fe86fb03d21595e93ee87e65a
                                                                              • Instruction ID: 0b5d3a3136a1646bbdffd736539523d64d3696e03a35a6fe096a14a7feadd020
                                                                              • Opcode Fuzzy Hash: 372f1fdea8833eaf01995195b0d1b2ba8c5a0e4fe86fb03d21595e93ee87e65a
                                                                              • Instruction Fuzzy Hash: 5B010479520315BBEF10EF768DC1CBB3A9CDB09661F964029F909AA008DAB484C0CAB1
                                                                              Function 032ECA7E Relevance: 6.1, APIs: 4, Instructions: 57COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __lock$___addlocaleref__crt_waiting_on_module_handle
                                                                              • String ID:
                                                                              • API String ID: 1628550938-0
                                                                              • Opcode ID: b799983ec1c979bb7eeb933c8149a55539d73996efb09cfb85e3ff7e7b31385d
                                                                              • Instruction ID: 4a09e45b1c07e84f461e73b4b77813ee6cbdbc894cce7c90a4315e65b0fa25b5
                                                                              • Opcode Fuzzy Hash: b799983ec1c979bb7eeb933c8149a55539d73996efb09cfb85e3ff7e7b31385d
                                                                              • Instruction Fuzzy Hash: B111A274810B11EEE720EF79D841B5ABBE0EF04314F90851EE5999B3A0CBB49581CF11
                                                                              Function 02F7EF0C Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _clock
                                                                              • String ID:
                                                                              • API String ID: 876827150-0
                                                                              • Opcode ID: 908a800f1b4aee3d8470d56c238d3ac105f65cf764e8ae670c4fb01448cdafdd
                                                                              • Instruction ID: 315ed966f25433347a42d2c480411d8015610e7ec8a4cc57c95d28efbd37c9db
                                                                              • Opcode Fuzzy Hash: 908a800f1b4aee3d8470d56c238d3ac105f65cf764e8ae670c4fb01448cdafdd
                                                                              • Instruction Fuzzy Hash: B2010C71E00619EFDF21DFE898C05EDBBB4EF112D4F1584EBD602AA640D7705A44CBA1
                                                                              Function 032DE353 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _clock
                                                                              • String ID:
                                                                              • API String ID: 876827150-0
                                                                              • Opcode ID: 908a800f1b4aee3d8470d56c238d3ac105f65cf764e8ae670c4fb01448cdafdd
                                                                              • Instruction ID: 02dc789df0a7fb445bb5e3ecba28112435e6dd5b4b81e5c54d0fef2c8c748f3b
                                                                              • Opcode Fuzzy Hash: 908a800f1b4aee3d8470d56c238d3ac105f65cf764e8ae670c4fb01448cdafdd
                                                                              • Instruction Fuzzy Hash: 87014071E20719EFCB50EFE984805BEFBB5FB01640F1645BAD651AE240D6704A84DBA0
                                                                              Function 02F7DE47 Relevance: 6.0, APIs: 4, Instructions: 46sleepsynchronizationthreadCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • Sleep.KERNEL32(000003E8,00000000,00000000,00000080,02F716C4), ref: 02F7DE84
                                                                              • ExitThread.KERNEL32 ref: 02F7DE8E
                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000,00000080,02F716C4), ref: 02F7DEAF
                                                                              • ExitProcess.KERNEL32 ref: 02F7DEBB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Exit$ObjectProcessSingleSleepThreadWait
                                                                              • String ID:
                                                                              • API String ID: 2040395460-0
                                                                              • Opcode ID: f24d3a30b1049b1f2ac9bcefc1bac875d1dec0a901741b2bf6914586198d7282
                                                                              • Instruction ID: 021b3bac307de17fa59345717ffed703f7b239c1af3f6a32d173a5c700e64ee9
                                                                              • Opcode Fuzzy Hash: f24d3a30b1049b1f2ac9bcefc1bac875d1dec0a901741b2bf6914586198d7282
                                                                              • Instruction Fuzzy Hash: 97F062A2E88258A6F9353BE5BC89F6A7A1ADB90BEAF500527F314590C09F6108508825
                                                                              Function 02F7E0A1 Relevance: 6.0, APIs: 4, Instructions: 42threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCurrentThread.KERNEL32 ref: 02F7E0AE
                                                                              • OpenThreadToken.ADVAPI32(00000000), ref: 02F7E0B5
                                                                              • GetCurrentProcess.KERNEL32(00000008,?), ref: 02F7E0C5
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 02F7E0CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentOpenProcessThreadToken
                                                                              • String ID:
                                                                              • API String ID: 3974789173-0
                                                                              • Opcode ID: b0ad6dea3cee9750bdd2ac9bc8ca47f86e0124444b547e080d108a034a572a4d
                                                                              • Instruction ID: 51ccf14d03955ff75cc40e96b769685e77df5fb49229c9d024227569390baf56
                                                                              • Opcode Fuzzy Hash: b0ad6dea3cee9750bdd2ac9bc8ca47f86e0124444b547e080d108a034a572a4d
                                                                              • Instruction Fuzzy Hash: F0F06231A40208ABEB25FBB4FD09F9E76ADAF40BC8F1004A7E70194090DFB1D9548E60
                                                                              Function 02F7ED4F Relevance: 6.0, APIs: 4, Instructions: 40networkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • accept.WS2_32(?,00000000,00000000), ref: 02F7ED5D
                                                                              • send.WS2_32(00000000,?,?,00000000), ref: 02F7ED8A
                                                                              • send.WS2_32(00000000,?,?,00000000), ref: 02F7ED98
                                                                              • closesocket.WS2_32(00000000), ref: 02F7EDA3
                                                                                • Part of subcall function 02F7ECDF: closesocket.WS2_32(?), ref: 02F7ECE1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: closesocketsend$accept
                                                                              • String ID:
                                                                              • API String ID: 2168303407-0
                                                                              • Opcode ID: 809a1ee34c0d744aafac1bfe81948298c59062bf7905e99c3abab002293b4dbc
                                                                              • Instruction ID: d315ae5eddaf05f6e0ea7bde54c31d633a14146930aab1bb72d0be666de0981f
                                                                              • Opcode Fuzzy Hash: 809a1ee34c0d744aafac1bfe81948298c59062bf7905e99c3abab002293b4dbc
                                                                              • Instruction Fuzzy Hash: CDF096765507047BEA213B74EC40F46F76EEF087A0F205A5BF756554918672A4108F94
                                                                              Function 02F791E2 Relevance: 6.0, APIs: 4, Instructions: 39memorythreadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • InitializeProcThreadAttributeList.KERNEL32(00000000,02F79286,00000000,00000000,?,?,?,?,?,02F79286,00000000), ref: 02F791FD
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,02F79286,00000000), ref: 02F79203
                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,02F79286,00000000), ref: 02F7920A
                                                                              • InitializeProcThreadAttributeList.KERNEL32(00000000,02F79286,00000000,00000000,?,?,?,?,02F79286,00000000), ref: 02F7921F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AttributeHeapInitializeListProcThread$AllocProcess
                                                                              • String ID:
                                                                              • API String ID: 1212816094-0
                                                                              • Opcode ID: 25c6f23a1e8c5215db0d55039756ea3ad7d07a3f881a2e4421e7cf705a8435f9
                                                                              • Instruction ID: b35b9b66e16631b7785e7cb6e892ad5ff262de96a22fb43fc0264f3fd06c58cf
                                                                              • Opcode Fuzzy Hash: 25c6f23a1e8c5215db0d55039756ea3ad7d07a3f881a2e4421e7cf705a8435f9
                                                                              • Instruction Fuzzy Hash: 0FF05E76A0010CFB8B11EBE6ED88CAF7EBCEAC9A947100426F601D2100D6719A10DB70
                                                                              Function 02F772B8 Relevance: 6.0, APIs: 4, Instructions: 35sleeppipeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 02F772CA
                                                                              • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,?,?,02F75B45,?,00000000), ref: 02F772DE
                                                                              • Sleep.KERNEL32(000001F4,?,?,?,02F75B45,?,00000000), ref: 02F772F2
                                                                              • GetTickCount.KERNEL32 ref: 02F772F8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$NamedPeekPipeSleep
                                                                              • String ID:
                                                                              • API String ID: 1593283408-0
                                                                              • Opcode ID: e3d5cc05d7c8098a9766fe0639d3782cd863d93bfcbb3913c1706357800abba3
                                                                              • Instruction ID: a7dd06613bb931bd637c130edc9071c13910ecdbf08b6943da70e37bde5a251f
                                                                              • Opcode Fuzzy Hash: e3d5cc05d7c8098a9766fe0639d3782cd863d93bfcbb3913c1706357800abba3
                                                                              • Instruction Fuzzy Hash: 05F012B1D5011DFFEB01AF95DC848AEF7ADEA545D97144477F61192110DA709D40CE60
                                                                              Function 02F9128A Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 02F91296
                                                                                • Part of subcall function 02F8D797: __getptd_noexit.LIBCMT ref: 02F8D79A
                                                                                • Part of subcall function 02F8D797: __amsg_exit.LIBCMT ref: 02F8D7A7
                                                                              • __getptd.LIBCMT ref: 02F912AD
                                                                              • __amsg_exit.LIBCMT ref: 02F912BB
                                                                              • __lock.LIBCMT ref: 02F912CB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 3521780317-0
                                                                              • Opcode ID: ba8c2b2cfbf99f539178f18b2976adfb99521303fd63469a870cd5e0d79e8851
                                                                              • Instruction ID: 681bc889f76a1750d602e79590973c699ab12682d9a855f1ceb5bde18cc8764b
                                                                              • Opcode Fuzzy Hash: ba8c2b2cfbf99f539178f18b2976adfb99521303fd63469a870cd5e0d79e8851
                                                                              • Instruction Fuzzy Hash: 26F09032E44706DAFF20BBB48805B4EB3A16F017E4F1006AAC749EB2C0CB349401CF52
                                                                              Function 032F06D1 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 032F06DD
                                                                                • Part of subcall function 032ECBDE: __getptd_noexit.LIBCMT ref: 032ECBE1
                                                                                • Part of subcall function 032ECBDE: __amsg_exit.LIBCMT ref: 032ECBEE
                                                                              • __getptd.LIBCMT ref: 032F06F4
                                                                              • __amsg_exit.LIBCMT ref: 032F0702
                                                                              • __lock.LIBCMT ref: 032F0712
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 3521780317-0
                                                                              • Opcode ID: 632a2da44d7129273f8f1a3f3d2bd9dc2f35d501a8d6ef1af36a422137bc2622
                                                                              • Instruction ID: 48788516abc0f0f6616bfd9f2da40a09b2acc98de06309a5e6236f89947da86b
                                                                              • Opcode Fuzzy Hash: 632a2da44d7129273f8f1a3f3d2bd9dc2f35d501a8d6ef1af36a422137bc2622
                                                                              • Instruction Fuzzy Hash: C5F090359B07148FE721FBB48846B48B7A0AF40721F4485AAD6449F2D1CBF4A9C1DB91
                                                                              Function 032DB017 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 231COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc
                                                                              • String ID: AAAABBBB$t
                                                                              • API String ID: 1579825452-3631256263
                                                                              • Opcode ID: a9301101c6a3a8d4bb0fc3d84ec1763028fbea15f3df00e7710ee4c5a369d024
                                                                              • Instruction ID: ea7f9e3a2a677a1f3fea4f1535a078f3dc42c473b7c6dd805567f3346918ae9a
                                                                              • Opcode Fuzzy Hash: a9301101c6a3a8d4bb0fc3d84ec1763028fbea15f3df00e7710ee4c5a369d024
                                                                              • Instruction Fuzzy Hash: F981A075E1020AAFDF04DFA8C890AEEB7B5FF48310F188159E915AB350D774EA85CB90
                                                                              Function 02F7CF6B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 141COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: l.dl$ntdl
                                                                              • API String ID: 2102423945-1236859653
                                                                              • Opcode ID: 1fa81a2a2cbbb61675b1149e2676844100b29c6b66f61cbe1bcb22762e416b2a
                                                                              • Instruction ID: ff48d2cc923154e427140f0101ae8ec4f00d9b408e6de1fb7afdd8b45153272c
                                                                              • Opcode Fuzzy Hash: 1fa81a2a2cbbb61675b1149e2676844100b29c6b66f61cbe1bcb22762e416b2a
                                                                              • Instruction Fuzzy Hash: C2515B75E00605DFCB24DF58C480AADBBF1FF48754F6580AADA44AB315D731EA92CB90
                                                                              Function 032DC3B2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 141COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_32d0000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: l.dl$ntdl
                                                                              • API String ID: 2102423945-1236859653
                                                                              • Opcode ID: fdb6297e7cbd8406269c93f82204456c1cf00d7e15b5db9edf4be9e089ab1587
                                                                              • Instruction ID: dcad8d23b089a71ec13541078941700ecf14dfa1092c31350642444e24ceecbc
                                                                              • Opcode Fuzzy Hash: fdb6297e7cbd8406269c93f82204456c1cf00d7e15b5db9edf4be9e089ab1587
                                                                              • Instruction Fuzzy Hash: E2514A75A10226DFCB20CF98C580AADF7F1FF48314F2984AAD945AB751D730EA81CB94
                                                                              Function 02F7C072 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf
                                                                              • String ID: %c%c%c%c
                                                                              • API String ID: 2633826957-103593547
                                                                              • Opcode ID: 27eccf9cf31331a9b6709144252f187ddd37a3644c52cf3b1b885d7d601bd095
                                                                              • Instruction ID: 56f03d5310186a038c19544118f372d17b0d4acf5a4209b962eefe739d6afc64
                                                                              • Opcode Fuzzy Hash: 27eccf9cf31331a9b6709144252f187ddd37a3644c52cf3b1b885d7d601bd095
                                                                              • Instruction Fuzzy Hash: F4F0F6B180014E6DDB01EBE48CAEEFFBFFD4F04681F400181AB51E2001E625E34D8B91
                                                                              Function 02F7504D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F75058
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • __snprintf.LIBCMT ref: 02F7506C
                                                                                • Part of subcall function 02F89D8A: RemoveDirectoryA.KERNEL32(02F75080,?,02F75080,00000000), ref: 02F89D92
                                                                                • Part of subcall function 02F89D8A: GetLastError.KERNEL32(?,02F75080,00000000), ref: 02F89D9C
                                                                                • Part of subcall function 02F89D8A: __dosmaperr.LIBCMT ref: 02F89DAB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateDirectoryErrorHeapLastRemove__dosmaperr__snprintf_malloc
                                                                              • String ID: %s\%s
                                                                              • API String ID: 47932920-4073750446
                                                                              • Opcode ID: e7f90705ae65728a5bc2795dc248660acb712fc884a251bb6dde7c8dbe40ddfa
                                                                              • Instruction ID: 2cfb9faeb2c41c1b8893b597f3286d940dd5e93fd0872daa3cd0d4286c9ced0b
                                                                              • Opcode Fuzzy Hash: e7f90705ae65728a5bc2795dc248660acb712fc884a251bb6dde7c8dbe40ddfa
                                                                              • Instruction Fuzzy Hash: 2AE01A2350011D7A96113A95AC05EBEBA6ECF82AE0F94402AFB09252406BA6695149EA
                                                                              Function 02F7982A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf_memset
                                                                              • String ID: %s%s: %s
                                                                              • API String ID: 2657849664-533130479
                                                                              • Opcode ID: 30ce0d61ea5bc3397bda0fb215b284860c09a55c3a9bd78e07b1f9d6f33bf075
                                                                              • Instruction ID: 51c5791df22b5e0487131d0d01b45a78842dee3ddd10e15d1cca557105df85a8
                                                                              • Opcode Fuzzy Hash: 30ce0d61ea5bc3397bda0fb215b284860c09a55c3a9bd78e07b1f9d6f33bf075
                                                                              • Instruction Fuzzy Hash: CAF03072204204ABDB019E50CCC0E9B777AAF8A790F401466FB05AB155D671E915CB62
                                                                              Function 02F7A6D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 02F7A6DC
                                                                                • Part of subcall function 02F887FF: __FF_MSGBANNER.LIBCMT ref: 02F88822
                                                                                • Part of subcall function 02F887FF: __NMSG_WRITE.LIBCMT ref: 02F88829
                                                                                • Part of subcall function 02F887FF: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5), ref: 02F88876
                                                                              • __snprintf.LIBCMT ref: 02F7A6F0
                                                                                • Part of subcall function 02F7A70E: _malloc.LIBCMT ref: 02F7A71B
                                                                                • Part of subcall function 02F7A70E: __snprintf.LIBCMT ref: 02F7A72C
                                                                                • Part of subcall function 02F7A70E: FindFirstFileA.KERNEL32(00000000,02F750C9,?,02F7A7FD,02F750C9,?,Function_0000504D), ref: 02F7A739
                                                                                • Part of subcall function 02F7A70E: _malloc.LIBCMT ref: 02F7A778
                                                                                • Part of subcall function 02F7A70E: __snprintf.LIBCMT ref: 02F7A78D
                                                                                • Part of subcall function 02F7A70E: FindNextFileA.KERNEL32(000000FF,02F750C9,?,?,?,?,?,?,?), ref: 02F7A7BA
                                                                                • Part of subcall function 02F7A70E: FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?), ref: 02F7A7C7
                                                                                • Part of subcall function 02F88722: __lock.LIBCMT ref: 02F88740
                                                                                • Part of subcall function 02F88722: ___sbh_find_block.LIBCMT ref: 02F8874B
                                                                                • Part of subcall function 02F88722: ___sbh_free_block.LIBCMT ref: 02F8875A
                                                                                • Part of subcall function 02F88722: HeapFree.KERNEL32(00000000,00000000,02FA35A0,0000000C,02F8D788,00000000,?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C), ref: 02F8878A
                                                                                • Part of subcall function 02F88722: GetLastError.KERNEL32(?,02F9181E,00000000,00000001,00000000,?,02F8A834,00000018,02FA3700,0000000C,02F8A8C5,00000000,00000000,?,02F8D842,0000000D), ref: 02F8879B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Find__snprintf_malloc$FileHeap$AllocateCloseErrorFirstFreeLastNext___sbh_find_block___sbh_free_block__lock
                                                                              • String ID: %s\%s
                                                                              • API String ID: 1254174322-4073750446
                                                                              • Opcode ID: 032fcf2b3afd004aa9a4fc832c887a781883f2e323358a7c502cd7a6501c7d7e
                                                                              • Instruction ID: 21e0eb99e27409434096cc6b5e8574f5ea4dde593bdf1bef250be91dcf379072
                                                                              • Opcode Fuzzy Hash: 032fcf2b3afd004aa9a4fc832c887a781883f2e323358a7c502cd7a6501c7d7e
                                                                              • Instruction Fuzzy Hash: 1DE0EC3254111D779B123E569C40DEFBB7EEF86AE0B454025FF08611109B3699226BA6
                                                                              Function 02F98DF9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Failure
                                                                              • String ID: abcdefghijklmnop$abcdefghijklmnop
                                                                              • API String ID: 3995482717-935656707
                                                                              • Opcode ID: 4d1227ede6a145633f070787483e74cd4d58cfad1496ae03b9bb51402f780a7b
                                                                              • Instruction ID: c321b08cecb7198c3e2a62a3638192767003e337bed6afbaa4113b7967184c5b
                                                                              • Opcode Fuzzy Hash: 4d1227ede6a145633f070787483e74cd4d58cfad1496ae03b9bb51402f780a7b
                                                                              • Instruction Fuzzy Hash: 6AD0C97760D2183EF920A45A7D06FBB7BADD7C1AB5F60816BFA0885180A9422C2951B9
                                                                              Function 02F7993D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02F70000, based on PE: true
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB3000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000000.00000002.3326762963.0000000002FB5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2f70000_Xwl3DsNmN2.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __snprintf_memset
                                                                              • String ID: %s%s
                                                                              • API String ID: 2657849664-3438391663
                                                                              • Opcode ID: 3669b0fe1587b99694ff6a22da105d4d511359afbe1929f66c254ac0997203e3
                                                                              • Instruction ID: 8396b3a56bfcd73d55c407a90097cfc97530c91e9cae785b82a54022c9f417b7
                                                                              • Opcode Fuzzy Hash: 3669b0fe1587b99694ff6a22da105d4d511359afbe1929f66c254ac0997203e3
                                                                              • Instruction Fuzzy Hash: 6EE01272104304BBDB11AE65CDC5E8B77BDAF8AB80F404529B705DA115E671D914CF22